Can I ask any of you with a comprehensive knowledge of RoS to verify if my understanding of how firewall rules are processed is correct, please?
There are five chains which pertain to packet “stages” within the RoS software - in this specific order:
Prerouting
Input
Forward
Output
Postrouting
I have quite a few prerouting rules to flow packets over my two WAN links. I think I am causing issues by unchecking “passthrough”.
“Passthrough” checked means that if a packet matches THIS rule, rules lower in the rule order from the same chain will also be evaluated against the packet.
“Passthrough” not-checked means that if a packet matches THIS rule no further rules in THIS chain will be evaluated against the packet.
In other words do not exit the mangle chain, and go to the next mangle rule, passthrough=yes.
doesn’t seem to fit with this depiction of “chains” as NAT Types from rOS documentation;
Do the “filter” boxes represent the firewall chains, input/forward/output? Do the “mangle” boxes represent the “mangle chains”? In the Types Of NAT diagram can we think of the rows 1-prerouting/3-forwarding/5-postrouting as the treatment of packets not going to or coming from the router itself? Do rows 2-input/4-output apply, like firewall input and output chains, only to packets that go to/from the router itself?
I would like to be able to construct a (large) PP slide that shows all packet paths, but I don’t yet understand enough.
Thank you - I had not found that page for some reason - I’m solved now.
Fully stable and operating at three times previous speed before I started my Mikrotik education journey.
Who knew!
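The passthrough behaviour described in the thread, as an added example that is not part of any post or of RouterOS itself: a small Python model of one packet walking a prerouting mangle chain. The rule names, the marks `wan2_conn` and `to_wan2`, the two-rule layout and the sample packet are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, Optional[str]]

@dataclass
class MangleRule:
    name: str
    matches: Callable[[Packet], bool]
    sets: str                 # mark field this rule writes
    value: str
    passthrough: bool = True  # semantics as described in the thread

def run_chain(rules: List[MangleRule], packet: Packet) -> Tuple[Packet, List[str]]:
    """Walk one chain top to bottom; return the marked packet and the rules that matched."""
    pkt, matched = dict(packet), []
    for rule in rules:
        if not rule.matches(pkt):
            continue
        pkt[rule.sets] = rule.value
        matched.append(rule.name)
        if not rule.passthrough:
            break  # later rules in THIS chain are skipped; other chains still run
    return pkt, matched

def prerouting(conn_rule_passthrough: bool) -> List[MangleRule]:
    """Hypothetical dual-WAN layout: mark the connection, then mark routing."""
    return [
        MangleRule("mark-connection",
                   lambda p: p["in-interface"] == "lan" and p["connection-mark"] is None,
                   "connection-mark", "wan2_conn", conn_rule_passthrough),
        MangleRule("mark-routing",
                   lambda p: p["connection-mark"] == "wan2_conn",
                   "routing-mark", "to_wan2", False),
    ]

# Constructed sample: first packet of a new LAN connection, no marks yet.
SAMPLE: Packet = {"in-interface": "lan", "connection-mark": None, "routing-mark": None}

if __name__ == "__main__":
    for pt in (True, False):
        pkt, matched = run_chain(prerouting(pt), SAMPLE)
        print(f"passthrough={'yes' if pt else 'no'}: "
              f"matched={matched} routing-mark={pkt['routing-mark']}")
```

With passthrough unchecked on the first rule, the packet leaves the chain carrying a connection mark but no routing mark, because the second rule is never evaluated.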