Syed Jahanzaib Personal Blog to Share Knowledge !

December 13, 2019

Mikrotik – Packet Chain Topology

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 9:36 AM

 


Firewall Mangle

Firewall mangle is used to mark IP packet. These marks are used by other router facilities like routing, firewall filter and bandwidth management to identified the packets. Moreover it also used to modify some fields in the IP header, like TOS (DSCP) and TTL fields. There are 5 default chain in firewall mangle.

INPUT

Packet that come into router will check with input chain. It is used to process packets entering the router. For example If we want to filter packet that telnet or ssh to router we need to use input chain in firewall filter.– Used to process packets entering the router through one of the interfaces with the destination IP address which is one of the router addresses. Chain input is useful for limiting the configuration access to Mikrotik Router.
or
– The connection that occurs from local to router and ends in router
example: use of the internal proxy (internal proxy right in the router)

PREROUTING

Prerouting is looked at before the router makes a routing decision. It’s happen before input chain. The packet that forward passthrough the router will match prerouting first.Pre-routing means that the connection will enter the router (no matter from where / depends on the settings mangle in interface later) . this connection will be in the process inside the router, can the process of bending to the external proxy, can filtering port, can anything, anyway there is a process, prerouting it marks the connection before the process occurs.

FORWARD

After prerouting, packet that passthrough router will process by forward chain. Used to process packets passing through the router. Example we want to block users to open facebook. We will use firewall forward chain to do it.– Used to process data packets through routers, connections that occur from the public to local
or
– The connection that occurs from local to public
with the provision that there is no process inside the router, it means that the connection is direct and only passing in the router does not happen a process inside the router.

POSTROUTING

Postrouting is a connection that will exit the router after a process occurs inside the router. It’s happen after forward. Postrouting is looked at after the router makes a routing decision.

OUTPUT

OUTPUT is used to process packets that originated from the router. Normally we rarely use this chain. Example we ping from router to Internet that’s output traffic.

or to process data packets originating from the router and left through one of the interfaces, connections that occur from the router to the public. It is used to process packets that originated from the router

============================================================================

Firewall Filter

Most of the time we use it for filter traffic simply say to protect our network from unauthorized user or bad guy. There are three default chain in firewall filter. It’s input, output and forward.

 

Does it matter where you mark?

Yes, because sometimes you might overmark and sometimes you might undermark. Choose the right place for the right classification/marking

 

%d bloggers like this: