ScottReed
Member Candidate
Topic Author
Posts: 111
Joined: Thu Sep 24, 2009 9:47 pm
Location: Montana / Western Massachusetts

Firewall rules bypassed after enabling Web Proxy

Thu Sep 24, 2009 10:59 pm

Am running RouterOS 4.0 beta4.

I have two L7 Protocols defined and two Firewall Filter Rules to go along. Both have been working fine.

Today I enabled Web Proxy to begin blocking traffic to certain sites based on DNS names. I set up a new NAT rule to redirect packets through the proxy and I noticed that my firewall rules, including the L7 rules, are no longer inspecting packets. As soon as I disable the redirection to the proxy the rules begin working fine.

What am I doing wrong?

Thanks,
Scott
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Firewall rules bypassed after enabling Web Proxy

Thu Sep 24, 2009 11:46 pm

Your rules that stopped working are most likely filtering in the 'forward' chain. Because of the redirect to the proxy, the proxy is now the entity that requests traffic from the net and forwards it back to the customer (and vice versa). The proxy resides on the device itself, so it works with the 'output' and 'input' chains.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
ScottReed
Member Candidate
Topic Author
Posts: 111
Joined: Thu Sep 24, 2009 9:47 pm
Location: Montana / Western Massachusetts

Re: Firewall rules bypassed after enabling Web Proxy

Fri Sep 25, 2009 12:42 am

Fewi -

Thanks. Moving the rules into the "Input" chain has worked. I am again processing my L7 rules.

Scott
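
The chain change discussed in this thread, as an added RouterOS configuration example that is not part of the original posts. The L7 protocol name and regexp, the interface name `ether2-lan`, and the proxy port 8080 are assumptions chosen for illustration.

```routeros
# Added illustration. All names, the regexp, the interface and the
# proxy port are assumed values, not taken from the thread.
/ip firewall layer7-protocol
add name=example-l7 regexp="example-pattern"

# Web proxy running on the router itself.
/ip proxy
set enabled=yes port=8080

# Redirect LAN HTTP to the local proxy. Once this rule matches, the
# packet's destination is the router, so it is delivered through the
# 'input' chain and never traverses 'forward'.
/ip firewall nat
add chain=dstnat in-interface=ether2-lan protocol=tcp dst-port=80 \
    action=redirect to-ports=8080

/ip firewall filter
# Before: this rule still inspects traffic routed through the device,
# but redirected HTTP no longer reaches it.
add chain=forward layer7-protocol=example-l7 action=drop \
    comment="L7 drop for traffic routed through the router"

# After: the same matcher applied to client-to-proxy traffic.
add chain=input in-interface=ether2-lan protocol=tcp dst-port=8080 \
    layer7-protocol=example-l7 action=drop \
    comment="L7 drop for traffic redirected to the local proxy"

# The proxy's own upstream requests originate on the router and
# leave through 'output'.
add chain=output protocol=tcp dst-port=80 layer7-protocol=example-l7 \
    action=drop comment="L7 drop for requests the proxy makes upstream"
```

The `forward` rule stays in place because traffic that is not redirected to the proxy is still routed through that chain.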
