Class 3
1. ISP Setup using MikroTik
Class - III
Firewall, Website Filter, Address List,
IP Services, Port Forwarding (DST-NAT)
M Abdullah Al Naser
B.Sc in CSE
CCNA, RHCE, RHCSA, MTCNA
2. Firewall
Prepared by- M Abdullah Al Naser (mail.naserbd@yahoo.com)
The Firewall feature of MikroTik enables us
to allow or deny traffic based on specific
source/destination IP addresses and specific
source/destination ports (the same rules can also
match on protocol, interface and connection state).
The filter table has three built-in chains:
1. Input
2. Output
3. Forward
3. Firewall
Input
The Input chain handles inbound traffic that is
directed to the MikroTik itself (management
access such as SSH or Winbox, routing protocols).
Output
The Output chain handles outbound traffic that is
initiated from the MikroTik itself.
Forward
The Forward chain handles transit traffic, i.e.
traffic received on one interface that is to be
forwarded out through another interface. Customer
traffic to the internet passes through this chain.
4. Firewall
With a blank (no-defaults) configuration MikroTik
does not filter any traffic: a packet that matches
no rule is accepted. (The factory default
configuration on RouterBOARD devices does ship
with a basic firewall.)
To restrict traffic we have to configure
filter rules as per our requirement.
Assume that we want to allow only
10.0.0.10 to get access to the internet, and all
other IPs from this block are restricted.
13. Firewall
Thus we can configure any permit/deny
rule for any specific source/destination IP
addresses and any specific
source/destination ports.
Order is very important when configuring
permit and deny rules: within a chain the rules
are evaluated from top to bottom and the first
matching rule decides, so a broad drop placed
above a narrow accept makes the accept unreachable.
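The scenario from the previous slides, written out as RouterOS commands. This is an added example and not part of the slides; the LAN block 10.0.0.0/24 on ether2, the uplink on ether1 and the rule comments are assumptions. It also adds the accept for established/related traffic and the input-chain protection a practitioner would not deploy without.

```routeros
# Added example (not from the slides). Assumed: LAN block 10.0.0.0/24 behind
# ether2, WAN uplink on ether1. Only 10.0.0.10 may reach the internet.
/ip firewall filter
# Replies to already-permitted connections go through first; this keeps the
# rule set cheap and avoids breaking return traffic.
add chain=forward connection-state=established,related action=accept \
    comment="accept replies to permitted connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid"
# First match wins: the permitted host MUST come before the block-wide drop.
add chain=forward src-address=10.0.0.10 out-interface=ether1 action=accept \
    comment="only this host may reach the internet"
add chain=forward src-address=10.0.0.0/24 out-interface=ether1 action=drop \
    comment="everything else in the block is denied"

# Protect the router itself: management only from the LAN, nothing from WAN.
add chain=input connection-state=established,related action=accept
add chain=input in-interface=ether2 src-address=10.0.0.0/24 action=accept \
    comment="management from LAN"
add chain=input in-interface=ether1 action=drop comment="drop everything from WAN"

# Verify: the per-rule counters show which rule each packet hit.
/ip firewall filter print stats

# If the drop was added above the accept by mistake, reorder instead of retyping:
# /ip firewall filter move [find comment="only this host may reach the internet"] destination=[find comment="everything else in the block is denied"]
```

Because the filter table accepts anything that matches no rule, the drop for 10.0.0.0/24 must be explicit; removing it would silently let every other customer out.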
19. Address List
The concept of an Address List is to gather an
arbitrary set of IP addresses or IP blocks under
one name, to be referenced later in filter rules,
NAT rules, routes etc.
We can add multiple IPs or IP blocks to an
Address List, and a rule that references the list
matches all of them.
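An address list used from a filter rule, as an added example that is not part of the slides. The list names, the addresses, the trial-account timeout and the blocked destination are assumptions; the blocked-destinations list goes slightly beyond the slide by showing the same mechanism on the destination side, which is how the "Website Filter" topic of this class is usually built.

```routeros
# Added example (not from the slides). List names and addresses are assumed.
/ip firewall address-list
add list=permitted-hosts address=10.0.0.10 comment="paid subscriber"
add list=permitted-hosts address=10.0.1.0/24 comment="corporate block"
# Entries can be temporary; this one is removed automatically after 1 hour.
add list=permitted-hosts address=10.0.0.55 timeout=1h comment="trial account"
# Destination lists work the same way (e.g. a simple website filter).
add list=blocked-destinations address=192.0.2.0/24 comment="example blocked site"

# One rule refers to the whole list instead of one rule per address.
/ip firewall filter
add chain=forward dst-address-list=blocked-destinations action=drop \
    comment="deny listed destinations for everyone"
add chain=forward src-address-list=permitted-hosts out-interface=ether1 action=accept \
    comment="listed hosts may reach the internet"
add chain=forward src-address=10.0.0.0/16 out-interface=ether1 action=drop \
    comment="everyone else is denied"

# Enabling a new customer is now a list change, not a filter change:
/ip firewall address-list add list=permitted-hosts address=10.0.0.11
/ip firewall address-list print where list=permitted-hosts
```

Keeping the filter rules stable and editing only the lists is also what makes the rule set reviewable: the filter shows the policy, the lists show who it currently applies to.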
23. IP Services
The IP Services feature of MikroTik enables
us to see which management services (telnet,
ftp, www, ssh, winbox, api, ...) are currently
running on the device, disable any of them,
change a service's port number, or restrict the
addresses it accepts connections from. Unused
services, especially the cleartext ones, should
be disabled and the rest restricted to the
management network.
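A typical hardening pass over the IP services, as an added example that is not part of the slides. The management network 10.0.0.0/24 and the alternative SSH port 2222 are assumptions.

```routeros
# Added example (not from the slides). 10.0.0.0/24 and port 2222 are assumed.
/ip service print
# Disable the cleartext and unneeded management services.
/ip service disable telnet,ftp,www,api,api-ssl
# Keep ssh and winbox, but only from the management network, and move ssh
# off its default port.
/ip service set ssh port=2222 address=10.0.0.0/24
/ip service set winbox address=10.0.0.0/24
# www-ssl needs a certificate before it is useful; keep it disabled until then.
/ip service disable www-ssl
/ip service print
```

The address restriction on a service and the input-chain firewall rules are independent layers; after changing the SSH port, make sure an input-chain accept rule still permits the new port before closing the session you changed it from.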
26. Port Forwarding (DST-NAT)
DST-NAT, often called Port Forwarding, is the
feature that enables clients on an external
network such as the internet to reach internal
resources of a private network: connections
arriving on the router's public address and port
are rewritten to the private address and port of
the internal host.
32. Port Forwarding (DST-NAT)
In practice a DST-NAT rule is paired with a
SRC-NAT (masquerade) rule on the WAN interface,
which is what lets hosts on the private network
reach the internet in the first place; the
router's connection tracking then translates the
replies of the forwarded connection automatically.
An additional SRC-NAT rule is needed when the
internal server's default gateway is not the
MikroTik, or when LAN clients must reach the
server through its public address (hairpin NAT).
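A complete port-forwarding setup covering both slides above, as an added example that is not part of the slides. The WAN interface ether1, the public address 203.0.113.10, the web server 10.0.0.20, the allowed client range 198.51.100.0/24 and the port numbers are assumptions. It also shows the forward-chain rule needed when the router otherwise drops traffic from the WAN, and the hairpin rule for LAN clients.

```routeros
# Added example (not from the slides). Assumed: WAN on ether1 with public
# address 203.0.113.10, web server 10.0.0.20:80 on LAN 10.0.0.0/24.
/ip firewall nat
# SRC-NAT: masquerade the private network behind the WAN address.
add chain=srcnat out-interface=ether1 action=masquerade comment="LAN to internet"
# DST-NAT: forward TCP 8080 on the public address to the internal web server.
# No in-interface match, so LAN clients using the public address are translated too.
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=8080 \
    action=dst-nat to-addresses=10.0.0.20 to-ports=80 comment="publish web server"
# Hairpin NAT: LAN clients that connect to 203.0.113.10:8080 also need their
# source rewritten, otherwise the server answers them directly and the
# connection breaks.
add chain=srcnat src-address=10.0.0.0/24 dst-address=10.0.0.20 protocol=tcp dst-port=80 \
    action=masquerade comment="hairpin for LAN clients"

# Forward chain, in order. The translated connection must be allowed explicitly
# when unsolicited WAN traffic is dropped. Limiting src-address keeps the
# published service off the whole internet; 198.51.100.0/24 is an example.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward connection-nat-state=dstnat in-interface=ether1 \
    src-address=198.51.100.0/24 protocol=tcp dst-address=10.0.0.20 dst-port=80 \
    action=accept comment="allow the published service"
add chain=forward in-interface=ether1 connection-nat-state=!dstnat action=drop \
    comment="drop unsolicited WAN traffic that was not port-forwarded"

# Check that translation happens: rule counters and the connection table
# (look for entries whose reply-src-address is 10.0.0.20:80).
/ip firewall nat print stats
/ip firewall connection print
```

Every published port is an internet-reachable attack surface for the internal host, so keep the dst-port match narrow, match the protocol, and restrict the source range wherever the client population is known.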
33. Thank you very much