Mikrotik
Blind_batman, 2018-09-26 18:42:58

No access to port 443 Mikrotik ccr1009-7g-1c. What to do?

Good day.
It is not possible to open port 443 to the forum, which is on the machine.
I have been suffering for a long time, so I decided to write here.
/ip firewall address-list
add address=77.78.100.209 disabled=yes list=block-ip-dst
add address=77.78.100.210 comment=ESXi disabled=yes list=block-ip-dst
add address=91.219.244.203 list=enabla-ip-dst
add address=109.81.208.136 list=enabla-ip-dst
add address=46.13.55.186 list=enabla-ip-dst
add address=78.102.147.169 list=enabla-ip-dst
add address=188.175.125.147 list=enabla-ip-dst
add address=37.192.58.90 comment="Stolen nsk" list=enabla-ip-dst
add address=89.103.112.121 list=enabla-ip-dst
add address=81.30.251.41 list=enabla-ip-dst
add address=37.192.58.90 list=Usnul-Admin
add address=91.219.244.203 list=Usnul-Admin
add address=78.102.147.169 list=Usnul-Admin
add address=188.175.125.147 list=Usnul-Admin
add address=37.188.159.174 list=Usnul-Admin
add address=103.244.82.231 list=Usnul-Admin
add address=78.102.147.169 list=Masters
add address=104.18.60.150 list=Masters
add address=103.21.244.0/22 comment=cloudflare list=enabla-ip-dst
add address=103.22.200.0/22 list=enabla-ip-dst
add address=103.31.4.0/22 list=enabla-ip-dst
add address=104.16.0.0/12 list=enabla-ip-dst
add address=108.162.192.0/18 list=enabla-ip-dst
add address=172.64.0.0/13 list=enabla-ip-dst
add address=188.114.96.0/20 list=enabla-ip-dst
add address=197.234.240.0/22 list=enabla-ip-dst
add address=162.158.0.0/15 list=enabla-ip-dst
add address=173.245.48.0/20 list=enabla-ip-dst
add address=141.101.64.0/18 list=enabla-ip-dst
add address=131.0.72.0/22 disabled=yes list=block-ip-dst
add address=190.93.240.0/20 list=enabla-ip-dst
add address=198.41.128.0/17 list=enabla-ip-dst
add address=131.0.72.0/22 list=enabla-ip-dst
add address=82.208.37.33 list=CGCS-SECURE-IP
add address=46.13.55.186 list=CGCS-SECURE-IP
add address=84.242.100.107 list=CGCS-SECURE-IP
add address=84.242.100.109 list=CGCS-SECURE-IP
add address=62.141.29.254 list=CGCS-SECURE-IP
add address=62.141.30.139 list=CGCS-SECURE-IP
add address=82.208.44.193 list=CGCS-SECURE-IP
/ip firewall filter
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
    in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
    packet-mark=GEO_OK protocol=tcp
add action=accept chain=forward dst-address=77.78.97.219 dst-port=443 \
    in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
    packet-mark=GEO_OK protocol=tcp
add action=drop chain=forward dst-port=53 in-bridge-port=\
    "E1-CASA uplink" protocol=udp
add action=drop chain=forward dst-port=389,636 protocol=udp
add action=drop chain=forward protocol=udp src-port=123
add action=drop chain=forward comment="drop dle seznamu src" \
    in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
    src-address-list=block-ip
add action=drop chain=forward dst-port=53 in-bridge-port=\
    "E1-CASA uplink" protocol=tcp
add action=drop chain=forward comment="drop dle seznamu dst" \
    dst-address-list=block-ip-dst in-bridge-port="E1-CASA uplink" \
    out-bridge-port=E2-SERVER src-address-list=!enabla-ip-dst
add action=accept chain=forward comment="web na 77.78.97.220" \
    dst-address=77.78.97.220 dst-port=80 in-bridge-port=\
    "E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
    protocol=tcp
add action=accept chain=forward comment="arma na 77.78.97.212" \
    dst-address=77.78.97.212 dst-port=2302 in-bridge-port=\
    "E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
    protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
    dst-address=77.78.97.211 dst-port=10011 in-bridge-port=\
    "E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
    protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
    dst-address=77.78.97.211 dst-port=30033 in-bridge-port=\
    "E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
    protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
    dst-address=77.78.97.211 dst-port=9987 in-bridge-port=\
    "E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
    protocol=udp
add action=accept chain=input comment="CGCS pro spravu" dst-port=8291 \
    protocol=tcp src-address-list=CGCS-SECURE-IP
add action=accept chain=input comment="Usnul admin" dst-port=8291 \
    protocol=tcp src-address-list=Usnul-Admin
add action=accept chain=input comment="povoleni full access z home" \
    src-address=46.13.55.186
add action=accept chain=forward comment="related established" \
    connection-state=established,related
add action=accept chain=input comment="related, established accept" \
    connection-state=established,related
add action=drop chain=input comment="default rule" in-bridge-port=\
    "E1-CASA uplink"
add action=accept chain=forward src-address-list=Masters
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=AM
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=UA
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=RU
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=LV
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=KZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=KZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=IL
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=GE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=EE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=DE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=CZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=BY
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=\
    192.168.145.0/24
add action=dst-nat chain=dstnat disabled=yes dst-address=77.78.97.220 \
    dst-port=443 in-interface=bridge1 protocol=tcp to-addresses=\
    77.78.97.220 to-ports=443
www-ssl disabled


2 answer(s)
Gregory, 2018-09-26
@Maxlinus

/ip firewall filter
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
    in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
    packet-mark=GEO_OK protocol=tcp

Decipher this for us.

poisons, 2018-09-26
@poisons

Not all of the config is shown, or it is not up to date, or it is assembled from pieces.
bridge1 is what? What is the address on it? What ports are included?
ip firewall nat export
interface bridge export
ip address export
And even better, roll back everything to the state "did not touch it with your hands"; the forwarding works for you from other addresses x.x.x.212 - the roundcube has opened. Stupidly copy the settings for this address.
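
Added example, not part of the original thread: a small Python check that makes the two answers' points concrete by parsing a RouterOS export and listing which address lists the rules reference without defining them, and which lists a required packet mark depends on. `parse_export`, `audit` and the trimmed `EXPORT` excerpt are names and sample input chosen for this illustration.

```python
import re
import shlex
# Excerpt of the export posted in the question (trimmed, values as posted).
EXPORT = r'''
/ip firewall address-list
add address=77.78.100.209 disabled=yes list=block-ip-dst
/ip firewall filter
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
    in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
    packet-mark=GEO_OK protocol=tcp
add action=drop chain=forward in-bridge-port="E1-CASA uplink" \
    out-bridge-port=E2-SERVER src-address-list=block-ip
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=RU
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
    passthrough=yes src-address-list=CZ
'''

def parse_export(text):
    """Return {section: [rule dict, ...]}, joining backslash-continued lines."""
    sections, current = {}, None
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            tokens = shlex.split(line)[1:]  # shlex keeps quoted values whole
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def audit(text):
    """Cross-reference address lists and packet marks used by the rules."""
    s = parse_export(text)
    mangle = s.get("/ip firewall mangle", [])
    filt = s.get("/ip firewall filter", [])
    defined = {r["list"] for r in s.get("/ip firewall address-list", [])}
    used = {r[k].lstrip("!") for r in filt + mangle
            for k in ("src-address-list", "dst-address-list") if k in r}
    marks = {}  # packet mark -> address lists whose members receive it
    for r in mangle:
        if "new-packet-mark" in r:
            marks.setdefault(r["new-packet-mark"], set()).add(r.get("src-address-list", "any"))
    needed = {r["packet-mark"] for r in filt if "packet-mark" in r}
    return {"undefined_lists": sorted(used - defined),
            "mark_depends_on": {m: sorted(marks.get(m, ())) for m in sorted(needed)}}

if __name__ == "__main__":
    print(audit(EXPORT))
```

Run against the full export from the question, the same check also reports AM, UA, LV, KZ, IL, GE, EE, DE and BY as referenced but not defined in the posted address-list section, so every accept rule that requires `packet-mark=GEO_OK` depends on lists the post does not show.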
