sjwrick
Frequent Visitor
Topic Author
Posts: 77
Joined: Tue Jul 25, 2006 10:12 pm

Firewall filter affecting NATed public IP?

Fri May 03, 2013 6:55 pm

I have filters that block 25 to my input chain.

If I have a public IP dst-nated to an internal private IP, does the filter on my input affect that traffic?

i.e.

On my router:

/ip address
add address=x.x.x.x/24 comment="Public IP - for cust" interface=WAN
add address=y.y.y.1/30 comment="Private IP for cust" interface=LAN1

/ip firewall nat
add action=dst-nat chain=dstnat comment="Nat pub to priv" dst-address=x.x.x.x to-addresses=y.y.y.2
add action=src-nat chain=srcnat comment="Nat priv to Pub" out-interface=WAN src-address=y.y.y.2 to-addresses=x.x.x.x

/ip firewall filter
add action=drop chain=input comment="block port 25" dst-port=25 protocol=tcp
 
cbrown
Trainer
Posts: 1840
Joined: Thu Oct 14, 2010 8:57 pm

Re: Firewall filter affecting NATed public IP?

Fri May 03, 2013 10:13 pm

Look at this to understand the packet flow in RouterOS.

http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
C.Brown

cbrown[at]ravenrocknetworks.com
MTCNA - MTCRE - MTCWE - MTCTCE
MTCSE - TRAINER-0179
 
CelticComms
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Firewall filter affecting NATed public IP?

Fri May 03, 2013 10:44 pm

If I have a public IP dst-nated to an internal private IP, does the filter on my input affect that traffic?
No. The input chain affects traffic to the router. The traffic you describe will be affected by the forward chain and the DST NAT occurs before the forward chain is entered.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!
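
The answer above as a RouterOS configuration, added here as an example and not posted by anyone in the thread: the question's input rule next to a forward-chain rule that does reach the dst-nated traffic. It assumes the goal is to also block inbound port 25 to the NATed host; x.x.x.x, y.y.y.2 and the interface name WAN are the placeholders from the question.

```routeros
# Rule from the question: chain=input only matches packets addressed to the
# router itself, so traffic dst-nated to y.y.y.2 never hits it.
/ip firewall filter
add action=drop chain=input comment="block port 25 to the router" dst-port=25 protocol=tcp

# Assumed goal: also block inbound port 25 to the NATed host.
# dst-nat runs before the forward chain, so by the time the packet is filtered
# its destination is already y.y.y.2, not x.x.x.x. Match the private address.
add action=drop chain=forward comment="block port 25 to NATed host" dst-address=y.y.y.2 dst-port=25 in-interface=WAN protocol=tcp
```

A forward rule written with dst-address=x.x.x.x would never match, because the public address has already been rewritten when the forward chain is evaluated.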
