Getting Started: MikroTik Firewall

Рет қаралды 50,843

Күн бұрын

This video is aimed at giving you a general overview of how the MikroTik firewall works, what connection tracking is, how implement filter rules as well as mangle and fasttrack connections. Many of the topics are shown in real-time using an EVE-NG lab to show what the impact is on the network when creating firewall rules. Always treat firewall rules with caution and make sure that you do not accidentally configure a rule that will lock you out of your equipment.
EVE-NG Setup:
• EVE-NG - First Time Co...
Timestamps:
00:00 - Introduction
00:48 - Logging onto Winbox and Accessing the Firewall
01:40 - Connection Tracking overview
05:22 - Firewall Filter Rules
06:36 - Firewall Chains Explained
09:41 - Configuring an Input Chain rule
14:56 - Configuring an Output Chain rule
16:00 - Configuring a Forward Chain rule
17:30 - Explanation of Firewall allowing all traffic
19:33 - Mangle Rules brief overview
22:00 - FastTrack brief overview
24:48 - Firewall Connection States
27:05 - Inverse firewall rule
Credits:
Intro Music: Ringtail - Waking Up
• Ringtail - Waking up
Song: Max Brhon - Illusion [NCS Release]
Music provided by NoCopyrightSounds
Free Download/Stream: ncs.io/Illusion
Watch: • Max Brhon - Illusion [...
Song: Max Brhon - The Future [NCS Release]
Music provided by NoCopyrightSounds
Free Download/Stream: ncs.io/TheFuture
Watch: • Max Brhon - The Future...
Song: Max Brhon - Cyberpunk [NCS Release]
Music provided by NoCopyrightSounds
Free Download/Stream: ncs.io/Cyberpunk
Watch: • Max Brhon - Cyberpunk ...
Song: Max Brhon - Humanity [NCS Release]
Music provided by NoCopyrightSounds
Free Download/Stream: ncs.io/Humanity
Watch: • Max Brhon - Humanity |...
Thumbnail: Created on Canva
Let's connect on Social Media!
🌏 thenetworkberg.com 🌏
🌏 / thenetworkberg 🌏
🌏 / bergnetwork 🌏
🌏 / the-network-berg-39451... 🌏
Thanks again for watching

Пікірлер: 43

@mmrk_ 2 жыл бұрын

Man i learn so much from your videos. Thanks for taking the time to upload these.

@TheNetworkBerg 2 жыл бұрын

Thanks for the comment, happy you are learning from the videos :D!

@jakirbasha69 3 жыл бұрын

Started watching your MTCNA Playlist. You videos are very helpful. i already do have experience with mikrotik and still have learnt a lot from your videos. gonna checkout all of your videos. Keep making them.

@TheNetworkBerg 3 жыл бұрын

Great to hear!

@klap7321 3 жыл бұрын

very helpful video thanks

@samiam9059 2 жыл бұрын

Used them a long time and very secure for years.

@giahoang8204 3 жыл бұрын

Thank you! Please make more videos about Mikrotik 😀

@TheNetworkBerg 3 жыл бұрын

Sure thing!

@uknowimmad 3 жыл бұрын

You are a great teacher...love the way you explained

@wyc2462 Жыл бұрын

He is a Network HERO. Like the movie Matrix. NEO.

@blindside995 3 жыл бұрын

This is truly a fantastic video! Great work. The mikrotik firewall is really what sold me and got me interested in networking.

@TheNetworkBerg 3 жыл бұрын

Thanks Landon, when I started using mangle rules to make traffic do what I wanted it to do I was very impressed!

@BostjanCadej 3 жыл бұрын

I watched the video. I didn't learn anthing new, but still would like to thank you for work you are doing and giving us tutorials. Keep up the great work. And great video by the way!

@TheNetworkBerg 3 жыл бұрын

I appreciate that!

@chilli9129 3 жыл бұрын

Dobra robota ;)

@joellemorris5684 2 жыл бұрын

Thanks for making this video. I could not understand it all... But as I need to research for upgrading my office small network, I would like to know how you would compare a Mikrotik router firewall with Fortigate 40E for example. For kind of uses would you recommend each of those firewalls?

@tamtamkeppah8723 2 жыл бұрын

Helpful slot of IT career

@marjoni Жыл бұрын

good job

@bergertshitenge1375 3 жыл бұрын

Hi, I would like you soon to be able to use a loop for your videos so that we can see clearly in any case! thank you

@nikolashuminosky6987 3 жыл бұрын

Hi Berg, still we are waiting for you new video as your mentioned on this vide 21:23. Please we are so exciting

@TheNetworkBerg 3 жыл бұрын

Working on them :D Just being kept a bit busy by my actual job right now so not having much flexibility with new videos at the moment :( As soon as they are ready I will upload!

@geoffvandermerwe6220 2 жыл бұрын

Yo, dude! Did you perhaps make an advanced mangle rule video as mentioned in this one ? Would like to know a bit more about mangle. Thank you

@DCikac 2 жыл бұрын

Hi m8, your videos helped me a ton, even if I'm not new to mikrotik, and I wanted to ask you, do you maybe have a how to configure 2 gateways on the same interface. Long story short i have 2 public ip ranges that are on different sub nets and they are both on cisco port 2, and that's connected to mikrotik wan port who is in bridge mode. So i managed to get the route list to get the info of the second IP range and added it as second default ip with a different routing mark, but then I'm not sure should I use route rules, or firewall mangle or something third, I even got bridge-local to say it works for the new ip adress, but my FW rules don't get any packages when I try to go from a different ip ( inernet ) than my local. sry if I only confused you but the main idea is to have 2 public ip ranges that work on the same local network for web service hosting purpose, and my initial pack of static public ip.s were not enough.

@jacobjasser7626 3 жыл бұрын

Hi The Network Berg! Really appreciate your video. Is forward chain primarily used for if you have a server behind your router? I know you mentioned its for forwarding packets between the router, but is this forwarding also for traffic internally? E.g. from PC1 to PC2 on the same router/bridge

@TheNetworkBerg 3 жыл бұрын

If traffic is leaving from the server to something outside the router then it will use the Forward chain.

@jacobjasser7626 3 жыл бұрын

@@TheNetworkBerg does this also apply to traffic handled internally? E.g. internal host to internal host

@TheNetworkBerg 3 жыл бұрын

@@jacobjasser7626 If the two hosts are on the same range then their traffic will be passed on a broadcast level and will not hit the router. So if two PCs in 192.168.10.0/24 want to communicate they will do it directly through the switch.

@jacobjasser7626 3 жыл бұрын

@@TheNetworkBerg if internal host on 192.168.10.0/24 wants to speak to a server out in the internet, would this be considered forward chain? Would most forward chain rules apply to traffic originating from behind the router since it's NAT'd? Thank you for your help!

@seychellesaccount546 7 ай бұрын

what is the emulatopr u using here in your video? for virtual routers?

@djvanvuuren8292 2 жыл бұрын

Hi Mr, Please assist.. Apparently I have double NAT on my main router and clients router, How do I get rid of double NAT. I know I have to Masquerade , but is there a way to NOT Masquerade and bypass it to have a Open Firewall for VOiP to Register easier

@oschpelemuggn2385 3 жыл бұрын

Great video, thank you very much. Getting started with firewall rules is hard when you dont have a good teacher. 😎 I've a question about the blocked pings. In the first case we got a timeout, in the other a net unreachable. Why the difference? Then I've a remark: On my device even in fullscreen mode the text remains unreadable. If you'd reduce your screen resolution while recording the content would be better accessible on smartphones etc.

@TheNetworkBerg 3 жыл бұрын

Great suggestion! If you are watching from a smart phone I can see how the text on Winbox may be a bit small. The difference between the responses are the actions that was set. The following two actions have the two reactions: Drop: silently discards packet, person pinging will just see timeout. Reject: send a reject message, person pinging will see net unreachable error.

@saifullucky 3 жыл бұрын

Awesome

@TheNetworkBerg 3 жыл бұрын

Thanks for the comment, appreciate it :D!

@forex-chart-analysis-daily 3 жыл бұрын

if packet come in the router lan what will rule aply input ? if packet come in router cloudside what will rule output

@TheNetworkBerg 3 жыл бұрын

Hello, if the packet is the router's address then it will be input, so if it was coming from LAN and the router's ip is example 192.168.0.1 and the destination in the IP packet is 192.168.0.1 the router will treat the chain as "INPUT"

@Litdex 3 жыл бұрын

I my opinion first should go data flow diagram and only then firewall explanation. It is hard to get truly understanding of how exactly rules works without it. But keep doing, anyway it is a great content! And You really should mention how useful too use "Save mode" button when You management firewall rules. Just to not get a silly ;)

@TheNetworkBerg 3 жыл бұрын

Hahaha that is true the Safe Mode has helped out many people when they make a little or even big mistake :D!