omidh
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran

where is tcp-options=non-syn-only in mikrotik?

Fri Nov 19, 2010 1:41 pm

Hi all,
I would like to use the web proxy and have a problem.
I use the firewall to block access to the MikroTik (input), and it causes the web proxy not to work.
The documentation below says "Make sure you allow established TCP connections with tcp option 'non-syn-only' to the router before blocking everything else".
http://www.mikrotik.com/documentation/m ... proxy.html

But I couldn't find any TCP option in the firewall rules.
My OS is 4.10.

Please help me with this.
Thanks.
 
SurferTim
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: where is tcp-options=non-syn-only in mikrotik?

Fri Nov 19, 2010 1:54 pm

You should use these docs:
http://wiki.mikrotik.com/wiki/Manual:IP/Proxy

I think the old docs mean you must allow established connections. If you are using the "/ip firewall filter" rules in "Protect Your Router" from the old docs, you should have a rule before the drop rule like this:

/ip firewall filter
add chain=input action=accept connection-state=established
# (other rules)
add chain=input action=drop
 
omidh
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran

Re: where is tcp-options=non-syn-only in mikrotik?

Fri Nov 19, 2010 2:03 pm

Thanks for your reply.
I used "chain=input action=accept connection-state=established"
before this rule: "chain=input action=drop"

But again, it doesn't work until I disable this "chain=input action=drop".
 
fewi
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: where is tcp-options=non-syn-only in mikrotik?

Fri Nov 19, 2010 4:44 pm

That doesn't make sense in the old manual. You have to permit traffic in the input chain that is destined to your proxy port. If that is 8080, the following will work:
/ip firewall filter
add chain=input protocol=tcp dst-port=8080 action=accept
add chain=input action=drop
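
Added example, not part of any post in this thread: the two answers combined into one input chain, with the proxy port limited to LAN clients so the proxy is not reachable from the WAN side. The established rule alone only admits replies to connections the router itself opened; a client's first SYN to the proxy is a new connection and needs its own accept rule. The subnet 192.168.88.0/24 is an assumed LAN range; 8080 is the proxy port used in the thread.

```routeros
# Added example. Assumptions: LAN subnet 192.168.88.0/24, proxy on TCP 8080.
/ip firewall filter
# Replies to connections the router itself opened (proxy -> web servers).
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept
# New connections from LAN clients to the proxy port only.
add chain=input protocol=tcp dst-port=8080 src-address=192.168.88.0/24 action=accept
# (other accept rules, e.g. management access from the LAN, go here)
# Everything else addressed to the router itself is dropped.
add chain=input action=drop

# Second layer: the proxy's own access list, in case a firewall rule is loosened later.
/ip proxy access
add src-address=192.168.88.0/24 action=allow
add action=deny
```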
