Definition of Prerouting, Postrouting, Forward, Input, Output MikroTik.



* A few caveats before getting to the main content I want to share:

  • 1. This post is a personal record, kept to store knowledge and the experience I have gone through.
  • 2. This post is shared on a non-profit basis.
  • 3. This post may make some of you scoff that it is so simple everyone already knows it, so why post it ==> in that case, look at item "1" again.
  • 4. This post uses images and some content from the internet, so if anything infringes, please let me know.

🔷INPUT: the chain used to process traffic that enters the router itself. This incoming traffic can arrive from the public interface (internet) or the local interface (local). For example, suppose we ping the router's IP from a local computer and want to block ICMP (ping) traffic to the router from the internal network: we can use the INPUT chain in IP -> Firewall -> Filter, filtering on in-interface, src-address and protocol.

🔷OUTPUT: this chain is the opposite of the INPUT chain. It processes traffic that leaves, or originates from, the router itself; the destination can be the internal network (local) or the public network (internet). For example, when we ping uranus.com.vn from the router's terminal, the request we send passes through the OUTPUT chain. Likewise, when we connect remotely with Winbox, either from an internal computer or from a public network, the packets the router sends back to Winbox on our computer also pass through the OUTPUT chain.

🔷PREROUTING: this chain is processed before INPUT, and we can use it to mark traffic that "will" enter the router from anywhere, whether it is headed to the router itself, to the public network or to the internal network, so that the connection can be handled later inside the router. A simple example is separating browsing traffic from online game traffic at an internet cafe or game center that uses 2 ISP lines: if we want to mark online game traffic by connection so that it is routed to ISP-A, then in IP -> Firewall -> Mangle we can use the PREROUTING chain for connection marking and routing marking, filtering on in-interface, src-address, dst-address, protocol, src-port or dst-port.

🔷POSTROUTING: this chain is the opposite of the PREROUTING chain and is processed after traffic has passed through the local processes in the router. It can be used for marking traffic that passes through the router or leaves the router, either to the local network (local) or to the public network (internet), after it has passed through local processing on the router. For example, when we want to mark traffic that has already gone through redirection in the router's internal web proxy.

🔷FORWARD: the chain used to process traffic that only passes through the router, without any internal processing in the router such as redirecting traffic. From the meaning of FORWARD we can simply conclude that the traffic is only forwarded. For example, suppose we want to create a mangle rule in IP -> Firewall -> Mangle to mark browsing packets from an internal computer to the internet: here we can use the FORWARD chain, filtering on src-address, in-interface (the local interface) or out-interface (the public interface).
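The INPUT, PREROUTING and FORWARD examples described above, written out as RouterOS rules. This is an added example, not configuration from the original post: the interface name, subnet, game port, mark names and gateway are assumptions, and the syntax is RouterOS v6 (v7 needs the routing table created under /routing table first and uses routing-table= on the route).

```routeros
# Added example. Assumed values, none of them from the original post:
#   ether2          = local (LAN) interface
#   192.168.88.0/24 = internal network
#   UDP 27015       = constructed stand-in for "online game" traffic
#   192.0.2.1       = placeholder for the ISP-A gateway
#   games-conn, to-isp-a, browsing = hypothetical mark names

# INPUT: traffic addressed to the router itself.
# Drop ICMP (ping) sent to the router from the internal network.
/ip firewall filter
add chain=input in-interface=ether2 src-address=192.168.88.0/24 \
    protocol=icmp action=drop comment="LAN ICMP to router"

# PREROUTING: runs before the routing decision, so the routing mark
# has to be set here; by the time FORWARD runs the route is chosen.
/ip firewall mangle
# Step 1: mark the connection once, on its first packet.
add chain=prerouting in-interface=ether2 src-address=192.168.88.0/24 \
    protocol=udp dst-port=27015 connection-state=new \
    action=mark-connection new-connection-mark=games-conn \
    passthrough=yes comment="games: mark connection"
# Step 2: give every LAN packet of that connection the routing mark.
add chain=prerouting in-interface=ether2 connection-mark=games-conn \
    action=mark-routing new-routing-mark=to-isp-a \
    passthrough=no comment="games: route via ISP-A"

# FORWARD: traffic that only passes through the router.
# Mark browsing packets from internal computers to the internet.
add chain=forward in-interface=ether2 src-address=192.168.88.0/24 \
    protocol=tcp dst-port=80,443 action=mark-packet \
    new-packet-mark=browsing passthrough=no comment="browsing packets"

# Default route used only by packets carrying the routing mark.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=to-isp-a
```

The input rule matches only packets whose destination is the router, so pings from the LAN to internet hosts still traverse FORWARD and are unaffected by it.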

🌍 Reference link for Packet Flow on MikroTik: >>>Link here<<<
🌎 YouTube channel: >>>Link here<<<