Community discussions

MikroTik App
 
yri
newbie
Topic Author
Posts: 42
Joined: Wed Jun 28, 2006 1:19 pm

Cant access port 80 on mikrotik

Tue Aug 14, 2007 3:26 pm

www is enabled
telnet is working also like ftp only www is not opening !
what could be wrong ?

2.9.27


/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network" \
disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" \
disabled=no
add chain=forward connection-state=established action=accept comment="allow already established connections" \
disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOriffice" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow already established connections" \
disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=forward src-address-list=all_services action=accept comment="allow 192.168.0.0/25 full access" \
disabled=no
add chain=forward protocol=tcp dst-port=110 src-address-list=mail action=accept comment="allow pop3 to \
192.168.0.230/27" disabled=no
add chain=forward protocol=tcp dst-port=25 src-address-list=mail action=accept comment="allow smtp to \
192.168.0.230/27" disabled=no
add chain=forward src-address-list=mail action=drop comment="drop all other from 192.168.0.230/27" disabled=no
add chain=forward protocol=tcp tcp-flags=syn connection-limit=5,32 action=drop comment="" disabled=no
add chain=tcp src-address=192.168.0.11 time=9h-19h,sat,fri,thu,wed,tue,mon,sun action=drop comment="Time Date \
Drop" disabled=no
add chain=tcp src-address=192.168.0.10 action=drop comment="" disabled=no
add chain=tcp src-address=192.168.0.14 time=9h-19h,sat,fri,thu,wed,tue,mon,sun action=drop comment="" \
disabled=no
add chain=udp src-address=192.168.0.14 time=9h-19h,sat,fri,thu,wed,tue,mon,sun action=drop comment="" \
disabled=no
add chain=tcp src-address=192.168.0.9 time=9h-19h,fri,thu,wed,tue,mon action=drop comment="" disabled=no
add chain=udp src-address=192.168.0.9 time=9h-19h,fri,thu,wed,tue,mon action=drop comment="" disabled=no
add chain=tcp src-mac-address=00:03:47:48:E7:22 action=drop comment="" disabled=no

any ideas ???
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6284
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Cant access port 80 on mikrotik

Tue Aug 14, 2007 4:24 pm

try using other version that 2.9.27 and check your nat settings, maybe something interesting in there

and to check whether it is FW that is blocking that port set up rule that accepts port 80 and move that up in the list
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6630
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Cant access port 80 on mikrotik

Tue Aug 14, 2007 5:30 pm

Upgrade to 2.9.45.

Who is online

Users browsing this forum: Bing [Bot], gocenik, Google [Bot], tipex and 217 guests