Home > MikroTik > Router > MikroTik Router OS V3.0 User Manual

MikroTik Router OS V3.0 User Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual MikroTik Router OS V3.0 User Manual. The MikroTik manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 331

    Page 331 \... max-limit=100000000 priority=1[admin@MikroTik] > /queue tree add parent=Local packet-mark=other limit-at=1000000 \\... max-limit=100000000 priority=1 Mark by MAC address         +3                 [admin@MikroTik] > / ip firewall mangle add chain=prerouting \\... src-mac-address=00:01:29:60:36:E7 action=mark-connectionnew-connection-mark=known_mac_conn[admin@MikroTik] > / ip firewall mangle add chain=prerouting \\...... 
    \... max-limit=100000000 priority=1[admin@MikroTik] > /queue tree add parent=Local packet-mark=other limit-at=1000000 \\... max-limit=100000000 priority=1
Mark by MAC address
 	 
	  	 

 +3 	   
 
 
  
 
  
 

[admin@MikroTik] > / ip firewall mangle add chain=prerouting \\... src-mac-address=00:01:29:60:36:E7 action=mark-connectionnew-connection-mark=known_mac_conn[admin@MikroTik] > / ip firewall mangle add chain=prerouting \\......

    Page 332

    Page 332 NAT Document revision 2.9 (February 11, 2008, 4:14 GMT) This document applies to MikroTik RouterOS V3.0 Table of Contents TableofContents Summary Specifications NAT Description PropertyDescription NATApplications Description ExampleofSourceNAT(Masquerading) ExampleofDestinationNAT Exampleof1:1mapping General Information Summary 9  +    &9+              &    *$    *$            *    ... 
    NAT
Document revision 2.9 (February 11, 2008, 4:14 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
Summary
Specifications
NAT
Description
PropertyDescription
NATApplications
Description
ExampleofSourceNAT(Masquerading)
ExampleofDestinationNAT
Exampleof1:1mapping
General Information
Summary
9
 + 	
	

 &9+  	 
 	
 
	
 	  	
 & 

	

 *$ 	
 
 *$ 	
 	 
 	 
 
 
 *
  
 
...

    Page 333

    Page 333 •  9+       9+               + 9+      (      *$         *$     (       + (              (          •   9+       9+                 *            (       ... 
    • 9+  
	
  
  9+   
 	
 
	
 	 
	
  	 
	




 + 9+ 
 	 
 (	
  	  	
 *$ 	
 
 	 
  *$
	 	 
 
	( 
 
 
 + ( 	

  	 
 
  	
 
	(
 


 
 


•

	

 9+  
	
  
  9+   
 	
 
	
 	 

 
 
 
	




 *
  
 
  
 	 
 
 	 (	
 

 
  	...

    Page 334

    Page 334 •accept- accepts the packet. No action is taken, i.e. the packet is passed through and no more rules are applied to it •add-dst-to-address-list- adds destination address of an IP packet to the address list specified by address-list parameter •add-src-to-address-list- adds source address of an IP packet to the address list specified by address-list parameter •dst-nat- replaces destination address of an IP packet to values specified by to-addresses and to-ports parameters •jump- jump to the chain specified... 
    •accept- accepts the packet. No action is taken, i.e. the packet is passed through and no more
rules are applied to it
•add-dst-to-address-list- adds destination address of an IP packet to the address list specified
by address-list parameter
•add-src-to-address-list- adds source address of an IP packet to the address list specified by
address-list parameter
•dst-nat- replaces destination address of an IP packet to values specified by to-addresses and
to-ports parameters
•jump- jump to the chain specified...

    Page 335

    Page 335 (matches if the specified number of connection has already been established) connection-mark(name) - matches packets marked via mangle facility with particular connection mark connection-type(ftp|gre|h323|irc|mms|pptp|quake3|tftp) - matches packets from related connections based on information from their connection tracking helpers. A relevant connection helper must be enabled under /ip firewall service-port content(text) - the text packets should contain in order to match the rule dscp(integer: 0..63) -... 
    (matches if the specified number of connection has already been established)
connection-mark(name) - matches packets marked via mangle facility with particular connection
mark
connection-type(ftp|gre|h323|irc|mms|pptp|quake3|tftp) - matches packets from related
connections based on information from their connection tracking helpers. A relevant connection
helper must be enabled under /ip firewall service-port
content(text) - the text packets should contain in order to match the rule
dscp(integer: 0..63) -...

    Page 336

    Page 336 •to-client- true, if a packet is sent to a client icmp-options(integerinteger) - matches ICMP Type:Code fields in-bridge-port(name) - actual interface the packet has entered the router through (if bridged, this property matches the actual bridge port, while in-interface - the bridge itself) in-interface(name) - interface the packet has entered the router through (if the interface is bridged, then the packet will appear to come from the bridge interface itself) ingress-priority(integer: 0..63) - INGRESS... 
    •to-client- true, if a packet is sent to a client
icmp-options(integerinteger) - matches ICMP Type:Code fields
in-bridge-port(name) - actual interface the packet has entered the router through (if bridged, this
property matches the actual bridge port, while in-interface - the bridge itself)
in-interface(name) - interface the packet has entered the router through (if the interface is bridged,
then the packet will appear to come from the bridge interface itself)
ingress-priority(integer: 0..63) - INGRESS...

    Page 337

    Page 337 with this option, covering all values between 0 and every inclusively. out-bridge-port(name) - actual interface the packet is leaving the router through (if bridged, this property matches the actual bridge port, while out-interface - the bridge itself) out-interface(name) - interface the packet is leaving the router through (if the interface is bridged, then the packet will appear to leave through the bridge interface itself) packet-mark(text) - matches packets marked via mangle facility with particular... 
    with this option, covering all values between 0 and every inclusively.
out-bridge-port(name) - actual interface the packet is leaving the router through (if bridged, this
property matches the actual bridge port, while out-interface - the bridge itself)
out-interface(name) - interface the packet is leaving the router through (if the interface is bridged,
then the packet will appear to leave through the bridge interface itself)
packet-mark(text) - matches packets marked via mangle facility with particular...

    Page 338

    Page 338 src-mac-address(MAC address) - source MAC address src-port(integer: 0..65535integer: 0..65535) - source port number or range tcp-mss(integer: 0..65535) - matches TCP MSS value of an IP packet time(timetimesat|fri|thu|wed|tue|mon|sun) - allows to create filter based on the packets arrival time and date or, for locally generated packets, departure time and date to-addresses(IP addressIP address; default:0.0.0.0) - address or address range to replace original address of an IP packet with to-ports(integer:... 
    src-mac-address(MAC address) - source MAC address
src-port(integer: 0..65535integer: 0..65535) - source port number or range
tcp-mss(integer: 0..65535) - matches TCP MSS value of an IP packet
time(timetimesat|fri|thu|wed|tue|mon|sun) - allows to create filter based on the packets
arrival time and date or, for locally generated packets, departure time and date
to-addresses(IP addressIP address; default:0.0.0.0) - address or address range to replace original
address of an IP packet with
to-ports(integer:...

    Page 339

    Page 339   ( $   *$            + $   *$  $      /ip address add address=10.5.8.200/32 interface=Public +          (      /ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \to-addresses=192.168.0.109 +        (          (           /. 
    
 (
 $ *$     	 
	
	

 

+ $ *$ 
 $ 

	
/ip address add address=10.5.8.200/32 interface=Public
+  	
 	 
 
 


	 (  

	 


/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \to-addresses=192.168.0.109
+  	
 
 


	 ( 
 
	 
 
 
 

 	(
 
  	 
	
	
 

/.

    Page 340

    Page 340 Packet Flow Document revision 2.8 (February 11, 2008, 4:14 GMT) This document applies to MikroTik RouterOS V3.0 Table of Contents TableofContents GeneralInformation Summary Specifications PacketFlow Description ConnectionTracking Description PropertyDescription ConnectionTimeouts Description PropertyDescription Notes ServicePorts Description PropertyDescription GeneralFirewallInformation Description General Information Summary        *$    ( (    ... 
    Packet Flow
Document revision 2.8 (February 11, 2008, 4:14 GMT)
This document applies to MikroTik RouterOS V3.0
Table of Contents
TableofContents
GeneralInformation
Summary
Specifications
PacketFlow
Description
ConnectionTracking
Description
PropertyDescription
ConnectionTimeouts
Description
PropertyDescription
Notes
ServicePorts
Description
PropertyDescription
GeneralFirewallInformation
Description
General Information
Summary
 	
	  
  
  	
 *$ 	
 
	( (	 

...
    Start reading MikroTik Router OS V3.0 User Manual
    All MikroTik manuals