Letters are transition points from the first main diagram to more detailed ones. This way we reduced the amount of information in the main diagram.
I think they're great
However, I don't know what the letters/numbers mean.
It IS, just like the previous one. It's just a look from another point, like a map vs. a globe - the Earth is still the same.
When will it be used in 6.x?
I'm talking about prerouting.
It shows it not only in the Input chain, but in the Postrouting chain as well.
Ok, that makes sense.
Any kind of traffic first hits Global HTB, then Simple Tree, and it does it only once.
I need to understand before I can adapt.
The packet flow has changed and you will need to adapt to it.
No opportunity.
There is no mangle opportunity after that to re-mark the packet before Interface HTB(4-)?
It cannot.
Can a packet carry more than one mark?
/interface bridge
add l2mtu=1590 name=BR_TEST
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/interface bridge filter
add action=mark-packet chain=input in-interface=ether1 new-packet-mark=PACKET_ETH1_UPLOAD
add action=mark-packet chain=output new-packet-mark=PACKET_ETH1_DOWNLOAD out-interface=ether1
/interface bridge port
add bridge=BR_TEST interface=ether1
add bridge=BR_TEST interface=ether3
add bridge=BR_TEST interface=ether4
add bridge=BR_TEST interface=ether5
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=BR_TEST network=192.168.88.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=log chain=forward log-prefix=FILTER
/ip firewall mangle
add action=log chain=forward log-prefix=PREROUTING
/ip firewall nat
add action=masquerade chain=srcnat
So quickly, I've added a bridge interface named BR_TEST, with eth1, 3, 4 and 5; eth2 is my DHCP client into my personal network and I masquerade anything through this interface.
I've disabled the fast path for the bridge and enabled the IP Firewall options to enter into the IP mangle table and grab some packet log output, logs that I have seen in the LOG window.
I've just realized that the represented interface is the bridge interface BR_TEST and not ether2...
I mean, the traffic is still handled by the physical port, not really, but maybe, the virtual BR_TEST port.
Question #1: Is it the chipset that does this?
Always referring to the chart, I've added two filter rules into the bridge management and now I can track my interface management.
So I've marked my packets, added them to separate HTB rules, and my download queue doesn't work...
What am I missing?
Great work there!
I propose to consider another option
Any chance for an editable version?
See my previous post.
Nice... PDF or SVG or some sort of vector image would be ideal. Looks great though.
Why is the last block in the output chain "Bridge Adjustm"?
Thank you, fixed - see my updated post.
You can download the source in Microsoft Visio 2010 and disable the extra layers, making the diagrams easier at your discretion.
To me the first version of the diagrams is easier to consume. The second version is a little bit noisy. There are too many arrows. The main content is hidden in the web of transitions! The arrows that define logical layers are too big; they're not the main content.
Thanks for reply. =))
Thank you for your comments! In the near future I will try to fix it.
Nice comprehensive graphics!
May I suggest sticking with English grammar rules for questions: auxiliary verb, then subject, then verb.
Decapsulation is needed? -> Is decapsulation needed?
Encapsulation is needed? -> Is encapsulation needed?
It's IP Traffic? -> Is it IP traffic? ("It is IP Traffic" is a statement, not a question)
These changes would give decisions a consistent wording.
Check http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
I guess you pros can understand the packet flow but I don't. Is there a book or a link that would explain what is actually happening in the individual steps?
1) authorization
How can I generate his queue so that he does not bypass the limits?
Exactly where MikroTik said they put it. Just here...
Where is the "IP - Firewall - Raw" menu placed?
ip firewall nat add chain=forward action=dst-nat protocol=udp port=12345 to-addresses=192.168.0.2 in-interface=ether1 log=yes
ip firewall filter add action=accept chain=input in-interface=ether1 protocol=udp port=12345 place-before=3
This conversation is not in any way related to this "New packet Flow Diagram".
@noviy
This small update can possibly help someone better understand the place of the new blocks "RAW Prerouting" and "RAW Output".
Router originated packets are always output->postrouting.
Hello guys!
I'm looking at those packet flow diagrams and the example scenario and I was wondering: where does the traffic originating from the router itself appear?
For example, let's say I bind a dhcp-client to a VLAN interface, what would be the path of a DHCP Request packet on those diagrams?