Hello people,
I have bought the latest device, the RB4011iGS-5HacQ-2HnD-In, which is really great! This is the second RB device in my hands.
When I was configuring it for my personal SOHO, I looked into the DefConfig first and noticed some things. I have looked through the wiki page and could not find explanations for a couple of things.
1. The default firewall rules include two rules:
/ip firewall filter
add action=accept chain=forward comment="defconf:Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf:Accept out ipsec policy" ipsec-policy=out,ipsec
Question. What are they for? What do they do?
2. The "masquerade" action for NAT.
The wiki page for Masquerade (https://wiki.mikrotik.com/wiki/Manual:I ... squerade_2) says the NAT rule is the following:
/ip firewall nat add chain=srcnat action=masquerade out-interface=Public
but the "DefConfig" rule from the manufacturer differs from that. The "DefConfig" rule is:
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
Question. What does the "ipsec-policy=out,none" parameter do?
Many thanks for your answers.