Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Document 12927714

advertisement 
University of Babylon, IT College
Information Network Dep., Third Class, Second Semester
MTCNA Course
MikroTik Certified Network Associate
2015-2016
By M.Sc. I.T Alaa A. Mahdi
• DNS AND DST-NAT
• ADDRESS-LIST
DST-NAT Example
DNS and DST-NAT
Force users to use specified DNS server
This is just simple firewall rule which will
force all Your users behind RB to use DNS
server which You will define.
This rule will force all users with custom defined DNS server to
use 192.168.88.1 as their DNS server, this rule will simply
redirect all request sent to ANY-IP:53 to 192.168.88.1:53
/ip firewall filter nat
add chain=dstnat protocol=tcp dst-port=53
action=dst-nat to-addresses=192.168.88.1
to-ports=53
add chain=dstnat protocol=udp dst-port=53
action=dst-nat to-addresses=192.168.88.1 toports=53
Address-List
Firewall address lists allow to create a list of
IP addresses to be used for packet matching.
Firewall address lists allow user to create lists
of IP addresses grouped together. Firewall
filter, mangle and NAT facilities can use
address lists to match packets against them.
Creating an Address List
Name - specify the name of the address list to
add IP address to.
address (IP address/netmask | IP address-IP
address) - specify the IP address or range to
be added to the address list.
Example Address List
Sometimes, in MT logs, you will see that
some IPs from WAN/LAN try to login to
your MT box using SSH, Winbox, etc. To
secure your router, the best solution would
be to come up with a list of networks that
should be allowed to access the router
administratively, and block everything else.
The address list records could be updated
dynamically via the
action=add-src-to-address-list or
action=add-dst-to-address-list
• add-dst-to-address-list - add destination
address to address list specified by addresslist parameter .
• add-src-to-address-list - add source
address to address list specified by addresslist parameter .
address-list (string; Default: )
Name of the address list to be used.
Applicable if action is add-dst-to-address-list
or add-src-to-address-list
address-list-timeout (time; Default: 00:00:00)
Time interval after which the address will be
removed from the address list specified by
address-list parameter. Used in conjunction
with add-dst-to-address-list or add-src-toaddress-list actions
Value of 00:00:00 will leave the address in the
address list forever .
Related documents
Cos 338 Fall 2005 Lab 10
Cos 338 Fall 2005 Lab 10
Questions for Unit-7
Questions for Unit-7
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
HOMEWORK 1 • DNS stands for do not submit (1) DNS Make up a
End of Chapter Solutions Template
End of Chapter Solutions Template
Development of the domain name system Baoning Wu 01/30/2003
Development of the domain name system Baoning Wu 01/30/2003
1-07 ICS2O3C - Warriors of the Net
1-07 ICS2O3C - Warriors of the Net
Unit 2- Networking 2
Unit 2- Networking 2
Authoritative+and+Caching+DNS
Authoritative+and+Caching+DNS
Complementing Commonly Used Security Technologies
Complementing Commonly Used Security Technologies
Detect Malware and APTs with DNS Firewall Virtual Evaluation
Detect Malware and APTs with DNS Firewall Virtual Evaluation
Palo Alto Firewall - Unauthorized DNS Query V1.0
Palo Alto Firewall - Unauthorized DNS Query V1.0
Solution Note - Secure DNS for Mobile Service Providers
Solution Note - Secure DNS for Mobile Service Providers
Download
advertisement