Your MikroTik router has 3 main chains for rules: Input, Output and Forward.

Packets with a destination IP on the router (see /ip addresses for a list) will be checked with the input chain, so for the router itself, or if you have local devices where public IPs are port forwarded to a NATed IP, you need to use the input chain.

The output chain is for packets with a source IP on the router, meaning all packets originating on the router will be checked with the output chain. If you are using the router as DNS server for your local network, its DNS requests will be using the output chain.

The forward chain is for all packets going through the router - being forwarded to a public IP either inside or outside of the router. In a server environment, the forward chain is therefore what you use the most.

A MikroTik router processes rules from the top to the bottom and stops processing more rules whenever it finds a rule that is true for the packet. In a very basic server environment, on the forward chain you will want to accept ports like 80+443 (web) for everyone, accept 22+3389 (ssh/rdp) for yourself, and drop the rest of the packets. If a packet doesn't match any rule, it is accepted; you should therefore end the list with a drop rule with in-interface set to your internet interface.
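
The forward-chain rule list described above, written as RouterOS commands. This is an added example, not configuration from the original post. It assumes ether1 is the internet interface and 203.0.113.10 is your own admin address (both placeholders), and it adds an established/related accept rule that the post does not mention.

```routeros
# Added example. Assumptions (not from the post): ether1 is the internet
# interface, 203.0.113.10 is your own admin address (documentation range).
/ip firewall filter

# Not mentioned in the post: let replies to already-accepted connections
# through, otherwise the final drop also catches return traffic for
# connections the servers themselves open to the internet.
add chain=forward action=accept connection-state=established,related comment="replies to existing connections"

# Web is open to everyone.
add chain=forward action=accept protocol=tcp dst-port=80,443 comment="web for everyone"

# SSH and RDP only from your own address.
add chain=forward action=accept protocol=tcp dst-port=22,3389 src-address=203.0.113.10 comment="ssh/rdp for admin only"

# Rules are checked top to bottom and the first match wins. A packet that
# matches none of the rules above would be accepted by default, so the list
# ends with a drop for everything else arriving on the internet interface.
add chain=forward action=drop in-interface=ether1 comment="drop the rest from the internet"
```

Because add appends to the end of the list, run this against an empty forward chain or check the resulting order with /ip firewall filter print before relying on it.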