Explanation of MikroTik Chain: Input, Forward, Prerouting….

In the MikroTik settings, under IP > Firewall, each of the first four tabs (Filter, NAT, Mangle, Raw) shows the Chain option as the first field of the General section when you define a new rule.

The chain determines which type of traffic the rule applies to.

There are seven types of chains in MikroTik: input, output, forward, prerouting, postrouting, srcnat and dstnat.

Strictly speaking there are five types of chains, because srcnat and dstnat are subsets of other chains, but for a better understanding we treat them as separate types.

Each of these chains has its own meaning, and by choosing one you specify which packets the rule you are defining should process. We explain each chain in full below.

Input: Packets entering MikroTik whose destination is the MikroTik router itself, that is, the destination IP is defined on MikroTik.

Output: Packets leaving MikroTik that were generated by the router itself.

Forward: Packets whose origin and destination are not the MikroTik router and that only pass through your MikroTik to reach their destination.

Prerouting: Packets that have just reached MikroTik and have not yet been assigned a task. Deciding where they are supposed to go, changing their TTL, marking them and so on are all done in this chain.

Postrouting: Packets whose task has been determined, including where they will go, enter this stage. It comes after the output or forward stage, and here we can perform operations such as srcnat, a TTL change and anything else that can be done in this chain.

SrcNat: This chain is actually a sub-chain of postrouting. Through it we can perform operations such as changing the source IP, logging, adding addresses to a list and everything else available in this chain.

DstNat: This chain is a sub-chain of prerouting. Through it we can perform operations such as changing the destination IP, logging the destination IPs and everything else that can be done in this chain.

 

It is important that the steps are executed in the order shown in the picture above. For example, we cannot perform a dstnat operation after the output chain, because dstnat is a sub-chain of prerouting. Likewise, we cannot change the source IP in the dstnat chain, because that is the job of the srcnat chain.
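
As an added example (not part of the original post), the RouterOS commands below place rules in each of the chains described above. The interface names ether1 (WAN) and bridge (LAN), the address 192.168.88.10, the port numbers and the mark and log-prefix names are assumptions for illustration.

```routeros
# Added example. Assumed names: ether1 = WAN, bridge = LAN,
# 192.168.88.10 = internal web server. Adjust to your own router.

/ip firewall filter
# input: packets whose destination is the router itself
add chain=input connection-state=established,related action=accept \
    comment="input: replies to connections the router knows about"
add chain=input in-interface=bridge action=accept \
    comment="input: LAN hosts may reach the router"
add chain=input in-interface=ether1 action=drop \
    comment="input: nothing new from WAN to the router"

# forward: packets that only pass through the router
add chain=forward connection-state=established,related action=accept \
    comment="forward: replies"
add chain=forward connection-nat-state=dstnat action=accept \
    comment="forward: connections rewritten by the dstnat rule below"
add chain=forward in-interface=ether1 action=drop \
    comment="forward: WAN may not open other connections to LAN"

# output: packets generated by the router itself
add chain=output out-interface=ether1 connection-state=new action=log \
    log-prefix="rtr-out" comment="output: log what the router initiates"

/ip firewall mangle
# prerouting: packet has arrived, its path is not yet decided
add chain=prerouting in-interface=ether1 action=mark-connection \
    new-connection-mark=from-wan passthrough=yes
# postrouting: path is decided, packet is about to leave
add chain=postrouting out-interface=ether1 action=change-ttl new-ttl=set:64

/ip firewall nat
# dstnat (sub-chain of prerouting): change the destination IP
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=80
# srcnat (sub-chain of postrouting): change the source IP
add chain=srcnat out-interface=ether1 action=masquerade
```

Because dstnat runs in prerouting, before the router decides where the packet goes, the port-forwarded connection is filtered in the forward chain and not in input.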

With a little practice on your MikroTik router, you can master this completely.