Answer the question
In order to leave comments, you need to log in
No access to port 443 Mikrotik ccr1009-7g-1c. What to do?
Good day.
it is not possible to open port 443 to the forum, which is on the machine.
I have been suffering for a long time so I decided to write here
/ip firewall address-list
add address=77.78.100.209 disabled=yes list=block-ip-dst
add address=77.78.100.210 comment=ESXi disabled=yes list=block-ip-dst
add address=91.219.244.203 list=enabla-ip-dst
add address=109.81.208.136 list=enabla-ip-dst
add address=46.13.55.186 list=enabla-ip-dst
add address=78.102.147.169 list=enabla-ip- dst
add address=188.175.125.147 list=enabla-ip-dst
add address=37.192.58.90 comment="Stolen nsk" list=enabla-ip-dst
add address=89.103.112.121 list=enabla-ip-dst
add address=81.30 .251.41 list=enabla-ip-dst
add address=37.192.58.90 list=Usnul-Admin
add address=91.219.244.203 list=Usnul-Admin
add address=78.102.147.169 list=Usnul-Admin
add address=188.175.125.147 list=Usnul-Admin
add address=37.188.159.174 list=Usnul-Admin
add address=103.244.82.231 list=Usnul-Admin
add address=78.102.147.169 list=Masters
add address=104.18.60.150 list=Masters
add address=103.21.244.0/22 comment=cloudflare list=enabla-ip -dst
add address=103.22.200.0/22 list=enabla-ip-dst
add address=103.31.4.0/22 list=enabla-ip-dst
add address=104.16.0.0/12 list=enabla-ip-dst
add address= 108.162.192.0/18 list=enabla-ip-dst
add address=172.64.0.0/13 list=enabla-ip-dst
add address=188.114.96.0/20 list=enabla-ip-dst
add address=197.234.240.0/22 list=enabla-ip-dst
add address=162.158.0.0/15 list=enabla-ip-dst
add address=173.245. 48.0/20 list=enabla-ip-dst
add address=141.101.64.0/18 list=enabla-ip-dst
add address=131.0.72.0/22 disabled=yes list=block-ip-dst
add address=190.93.240.0/ 20 list=enabla-ip-dst
add address=198.41.128.0/17 list=enabla-ip-dst
add address=131.0.72.0/22 list=enabla-ip-dst
add address=82.208.37.33 list=CGCS-SECURE- IP
add address=46.13.55.186 list=CGCS-SECURE-IP
add address=84.242.100.107 list=CGCS-SECURE-IP
add address=84.242.100.109 list=CGCS-SECURE-IP
add address=62.141.29.254 list=CGCS- SECURE IP
add address=62.141.30.139 list=CGCS-SECURE-IP
add address=82.208.44.193 list=CGCS-SECURE-IP
/ip firewall filter
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
packet-mark=GEO_OK protocol=tcp
add action=accept chain=forward dst-address=77.78.97.219 dst-port=443 \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
packet-mark=GEO_OK protocol=tcp
add action=drop chain=forward dst-port=53 in-bridge-port=\
" E1-CASA uplink" protocol=udp
add action=drop chain=forward dst-port=389,636 protocol=udp
add action=drop chain=forward protocol=udp src-port=123
add action=drop chain=forward comment="drop dle seznamu src" \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
src-address-list=block-ip
add action= drop chain=forward dst-port=53 in-bridge-port=\
"E1-CASA uplink" protocol=tcp
add action=drop chain=forward comment="drop dle seznamu dst" \
dst-address-list=block-ip -dst in-bridge-port="E1-CASA uplink" \
out-bridge-port=E2-SERVER src-address-list=!enabla-ip-dst
add action=accept chain=forward comment="web na 77.78. 97.220" \
dst-address=77.78.97.220 dst-port=80 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="arma na 77.78.97.212" \
dst-address=77.78.97.212 dst-port=2302 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2- SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=10011 in-bridge-port=\
"E1-CASA uplink " out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=30033 in-bridge -port=\
"E1-CASA uplink"out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=tcp
add action=accept chain=forward comment="tsna 77.78.97.211" \
dst-address=77.78.97.211 dst-port=9987 in-bridge-port=\
"E1-CASA uplink" out-bridge-port=E2-SERVER packet-mark=GEO_OK \
protocol=udp
add action=accept chain=input comment="CGCS pro spravu" dst-port=8291 \
protocol=tcp src-address-list=CGCS-SECURE-IP
add action=accept chain=input comment="Usnul admin" dst-port=8291 \
protocol=tcp src -address-list=Usnul-Admin
add action=accept chain=input comment="povoleni full access z home" \
src-address=46.13.55.186
add action=accept chain=forward comment="related established" \
connection-state= established,related
add action=accept chain=input comment="related, established accept" \
connection-state=established,related
add action=drop chain=input comment="default rule" in-bridge-port=\
"E1-CASA uplink"
add action=accept chain=forward src-address-list=Masters
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=AM
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src- address-list=UA
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=RU
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough =yes src-address-list=LV
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=KZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=KZ
add action=mark-packet chain=forward new-packet- mark=GEO_OK \
passthrough=yes src-address-list=IL
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=GE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=EE
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=DE
add action=mark- packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=CZ
add action=mark-packet chain=forward new-packet-mark=GEO_OK \
passthrough=yes src-address-list=BY
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=\
192.168. 145.0/24
add action=dst-nat chain=dstnat disabled=yes dst-address=77.78.97.220 \
dst-port=443 in-interface=bridge1 protocol=tcp to-addresses=\
77.78.97.220 to-ports=443
www -ssl disabled
Answer the question
In order to leave comments, you need to log in
/ip firewall filter
add action=accept chain=forward dst-address=77.78.97.220 dst-port=443 \
in-bridge-port="E1-CASA uplink" out-bridge-port=E2-SERVER \
packet-mark= GEO_OK protocol=tcp
Not all of the config is shown, or it is not up-to-date, or assembled from pieces.
bridge1 is what? what is the address on it? What ports are included?
ip firewall nat export
interface bridge export
ip
address export
And even better, roll back everything to the state "did not touch it with your hands", the forwarding works for you from other addresses
x.x.x.212 - the roundcube has opened. Stupidly copy the settings for this address.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question