Community discussions

MUM Europe 2020
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

How To Block, once NAT-ed packets

Mon May 10, 2010 5:45 pm

Hello,

I Want to block the packets (connections ) which have already been NAT-ed. (Say, Do not Allow User to share his internet, via windows, or some router)

I'll be glad To see a nice answer.

I'm using ROS 3.30 version.

Thanks waiting for your reply
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How To Block, once NAT-ed packets

Mon May 10, 2010 5:59 pm

Manually set the TTL to 1 for everything you send to the client. That's supported in the firewall mangle facilities.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8333
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How To Block, once NAT-ed packets

Mon May 10, 2010 6:01 pm

or
/ip fi fi add chain=forward in-interface=Local ttl=equal:127 action=drop/reject
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Sob
Forum Guru
Forum Guru
Posts: 5034
Joined: Mon Apr 20, 2009 9:11 pm

Re: How To Block, once NAT-ed packets

Tue May 11, 2010 7:12 pm

And the client will also buy MikroTik device for his gateway and use:
/ip firewall mangle add action=change-ttl chain=prerouting in-interface=WAN new-ttl=increment:1
/ip firewall mangle add action=change-ttl chain=postrouting out-interface=WAN new-ttl=increment:1
;)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.

Who is online

Users browsing this forum: macsrwe, Neilccu, yresquirol and 90 guests