ashpri
Member Candidate
Topic Author
Posts: 154
Joined: Sun Oct 14, 2018 3:11 am

Question on MUM topic "Local IP leaking to public network"

Fri Aug 12, 2022 5:42 am

Referring to this MUM by Janis Megis https://mum.mikrotik.com/presentations/ ... 948376.pdf, page 27 "Local IP leaking to public network".

On page 31 for the solution it states:
1. Use action=src-nat instead of action=masquerade where it is possible
2. Drop connection-state=invalid packets
3. Drop connection-state=new connection-natstate=!dstnat packets from public interface
4. Creating backup “blackhole” route for each routing-mark

Clarification:
1. For #2, does he mean:
add action=drop chain=input connection-state=invalid
OR
add action=drop chain=forward connection-state=invalid

2. For #3, does he mean:
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

3. What does #4 entail?
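
One possible reading of the four points quoted above, written out as a RouterOS v6 configuration sketch. This is an added example, not taken from the presentation or from the post; the interface name ether1, the interface list WAN, the address 203.0.113.2 and the routing marks to_ISP1 and to_ISP2 are assumed placeholders.

```routeros
# Added example (RouterOS v6 syntax). All names and addresses are placeholders.

# Assumed: ether1 is the public interface and belongs to the list WAN.
/interface list
add name=WAN
/interface list member
add list=WAN interface=ether1

# Point 1: with a static public address, use src-nat with a fixed
# to-addresses value instead of masquerade.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=src-nat to-addresses=203.0.113.2

/ip firewall filter
# Point 2: invalid packets are dropped on both chains. The input chain
# covers traffic to the router itself, the forward chain covers routed
# traffic, which is where un-NATed LAN packets would otherwise pass.
add chain=input action=drop connection-state=invalid \
    comment="drop invalid to router"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid through router"
# Point 3: new connections arriving on the public side are forwarded
# only if a dst-nat rule matched them.
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface-list=WAN \
    comment="drop WAN-initiated traffic that is not dst-nat"

# Point 4: one high-distance blackhole default route per routing mark.
# While the real gateway route for a mark is active it wins on distance.
# If it goes inactive, marked traffic is discarded here instead of
# falling through to the main table and leaving via another uplink.
/ip route
add dst-address=0.0.0.0/0 type=blackhole routing-mark=to_ISP1 distance=254 \
    comment="backup blackhole for to_ISP1"
add dst-address=0.0.0.0/0 type=blackhole routing-mark=to_ISP2 distance=254 \
    comment="backup blackhole for to_ISP2"
```

Filter rule order matters: these drop rules are meant to sit after the rules that accept established and related connections.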
