Shouldn't be. I created the firewall rule before the NAT rule and there
weren't any pre-existing connections to SQL.
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 12/17/2013 10:33 AM, Josh Luthman wrote:
Maybe using an already established connection?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Dec 17, 2013 11:29 AM, "Rory McCann" <[email protected]> wrote:
There are allow rules, but nothing that would have matched anything in
this particular rule.
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
On 12/17/2013 10:23 AM, Louis Arsenault wrote:
Do you have an allow established rule before this rule?
Having the allow established rule will continue to allow those bad
connections until you move the drop rule above it or restart the
router.
-Louis
On Tue, Dec 17, 2013 at 11:19 AM, Rory McCann <[email protected]>
wrote:
Can someone explain to me why the following firewall rule isn't working:
add action=drop chain=forward comment="SQL Access" dst-address=1.2.3.4 dst-port=1433 protocol=tcp src-address-list=!SQL
From what I understand, this rule should drop SQL traffic from any
address not in the SQL address list, correct?
My corresponding NAT rule is this:
add action=dst-nat chain=dstnat comment="My Farm Records - SQL Access" dst-address=1.2.3.4 dst-port=1433 protocol=tcp to-addresses=10.2.7.7 to-ports=1433
It seems as though the NAT rule was taking precedence over the Firewall
rule. My SQL server was getting hammered with invalid logins until I
added a src-address-list entry to the NAT rule as well.
This is on ROS v6.7
--
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
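
Added example, not part of the thread and not RouterOS code: a small Python model of the packet flow behind the question, in which dstnat (prerouting) rewrites the destination before the filter forward chain is evaluated, so a forward rule matching the public dst-address=1.2.3.4 never sees that address. The source addresses and the contents of the SQL address list are constructed, and the model assumes no other filter rules.

```python
# Simplified model of the RouterOS packet flow for a forwarded packet:
# dstnat (prerouting) runs first, then the filter forward chain.
from dataclasses import dataclass, replace

SQL_LIST = {"203.0.113.10"}          # constructed address-list contents


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def dstnat(pkt):
    """NAT rule from the thread: 1.2.3.4:1433 -> 10.2.7.7:1433."""
    if (pkt.proto, pkt.dst, pkt.dport) == ("tcp", "1.2.3.4", 1433):
        return replace(pkt, dst="10.2.7.7", dport=1433)
    return pkt


def drop_rule(dst_address):
    """Filter rule from the thread, parameterised on dst-address."""
    def matches(pkt):
        return (pkt.proto == "tcp" and pkt.dst == dst_address
                and pkt.dport == 1433 and pkt.src not in SQL_LIST)
    return matches


def forward_verdict(pkt, filter_rules):
    """Run dstnat, then the forward chain; no matching rule means accept."""
    translated = dstnat(pkt)
    for matches in filter_rules:
        if matches(translated):
            return "drop"
    return "accept"


def demo():
    outsider = Packet(src="198.51.100.23", dst="1.2.3.4", dport=1433)
    allowed = Packet(src="203.0.113.10", dst="1.2.3.4", dport=1433)
    as_posted = [drop_rule("1.2.3.4")]      # public address, pre-NAT
    post_nat = [drop_rule("10.2.7.7")]      # translated address
    return {
        "outsider, rule as posted": forward_verdict(outsider, as_posted),
        "outsider, post-NAT dst": forward_verdict(outsider, post_nat),
        "allowed, post-NAT dst": forward_verdict(allowed, post_nat),
    }
```

In the model, only the rule written against the translated address 10.2.7.7 drops the outsider, which is consistent with the fix reported in the thread of restricting the dstnat rule itself by source address list.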