MikroTik Certified Network Associate (MTCNA)
1 Introduction to Networking
1-1 Basic Networking Concepts
1-2 OSI Model
1-3 TCP/IP Model
1-4 IP Addressing
1-5 Subnetting
2 Introduction to MikroTik RouterOS
2-1 RouterOS Overview
2-2 RouterOS Installation
2-3 RouterOS Licensing
2-4 RouterOS Interface Overview
2-5 RouterOS Command Line Interface (CLI)
2-6 RouterOS Graphical User Interface (GUI)
3 Basic Router Configuration
3-1 Router Identification
3-2 Interface Configuration
3-3 IP Address Assignment
3-4 Default Gateway Configuration
3-5 DNS Configuration
3-6 Basic Firewall Configuration
4 Routing
4-1 Static Routing
4-2 Dynamic Routing Protocols
4-3 OSPF Configuration
4-4 BGP Configuration
4-5 Policy-Based Routing
5 Network Address Translation (NAT)
5-1 Introduction to NAT
5-2 Basic NAT Configuration
5-3 Port Address Translation (PAT)
5-4 One-to-One NAT
5-5 Hairpin NAT
6 Firewall and Security
6-1 Firewall Basics
6-2 Firewall Rules Configuration
6-3 NAT Rules Configuration
6-4 Traffic Shaping and QoS
6-5 VPN Basics
6-6 IPsec VPN Configuration
7 Wireless Networking
7-1 Wireless Basics
7-2 Wireless Interface Configuration
7-3 Wireless Security
7-4 Wireless Bridging
7-5 Wireless Access Point Configuration
8 Advanced Topics
8-1 VLAN Configuration
8-2 DHCP Server Configuration
8-3 DHCP Relay Configuration
8-4 PPPoE Server Configuration
8-5 PPPoE Client Configuration
8-6 Hotspot Configuration
8-7 Load Balancing
8-8 High Availability (Failover)
9 Troubleshooting and Maintenance
9-1 Basic Troubleshooting Techniques
9-2 Log Analysis
9-3 Backup and Restore
9-4 Firmware Updates
9-5 System Monitoring
10 Practical Exercises
10-1 Basic Router Configuration Exercise
10-2 Static Routing Exercise
10-3 NAT Configuration Exercise
10-4 Firewall Configuration Exercise
10-5 Wireless Configuration Exercise
10-6 Advanced Configuration Exercise
10-7 Troubleshooting Exercise
10-4 Firewall Configuration Exercise Explained

Firewall configuration is a critical skill for securing network traffic. This exercise will guide you through the process of setting up a basic firewall on a MikroTik router, ensuring that you understand the key concepts and can apply them effectively.

Key Concepts

1. Firewall Overview

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet.

2. Firewall Rules

Firewall rules define the conditions under which network traffic is allowed or blocked. These rules are typically based on criteria such as source IP address, destination IP address, protocol, and port number.

3. Default Policies

Default policies are the actions taken by the firewall when no specific rule matches the incoming or outgoing traffic. Common default policies include "accept" (allow traffic) and "drop" (block traffic).

4. NAT (Network Address Translation)

NAT is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

5. Port Forwarding

Port forwarding is a technique used to redirect a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router.

Detailed Explanation

Firewall Overview

A firewall is essential for protecting a network from unauthorized access and malicious activities. It filters traffic based on predefined rules, ensuring that only legitimate traffic is allowed to pass through.

Firewall Rules

Firewall rules are the core of a firewall's functionality. Each rule specifies the conditions under which traffic is allowed or blocked. For example, a rule might allow HTTP traffic (port 80) from a specific IP address while blocking all other traffic from that address.

Default Policies

Default policies determine the action taken by the firewall when no specific rule matches the traffic. It is common practice to set the default policy to "drop" to ensure that any traffic not explicitly allowed is blocked.

NAT (Network Address Translation)

NAT is used to map private IP addresses to a public IP address when traffic leaves the internal network. This allows multiple devices on a private network to share a single public IP address, which hides the internal address plan from outside hosts and conserves public IP addresses.

Port Forwarding

Port forwarding is used to allow external devices to access services on internal devices. For example, if you want to access a web server on your internal network from the internet, you would configure port forwarding to redirect incoming traffic on port 80 to the internal web server's IP address.
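The four mechanisms above (filter rules, a default-drop policy, source NAT and port forwarding) fit together in one short RouterOS configuration. The script below is an added example written for this page; it is not part of the course text and not MikroTik's own default configuration. It assumes ether1 is the WAN interface, the LAN is 192.168.88.0/24, and an internal web server listens on 192.168.88.10 (all constructed values). One caveat that matters on MikroTik: RouterOS chains have no configurable policy, a packet that matches no rule is accepted, so the "default drop" the text recommends is implemented as an explicit catch-all drop rule at the end of each chain.

```routeros
# Added example for the 10-4 exercise (not from the course page).
# Assumed topology (constructed values): ether1 = WAN,
# LAN = 192.168.88.0/24, internal web server = 192.168.88.10.
# Rules are evaluated top to bottom; the first matching rule wins.

/ip firewall filter
# input chain: packets addressed to the router itself
add chain=input action=accept connection-state=established,related comment="accept replies to connections the router already knows"
add chain=input action=drop connection-state=invalid comment="drop packets that belong to no tracked connection"
add chain=input action=accept protocol=icmp in-interface=ether1 comment="allow ping from the WAN (optional)"
add chain=input action=accept in-interface=!ether1 comment="LAN hosts may reach the router (WinBox, DNS, DHCP)"
add chain=input action=drop in-interface=ether1 comment="default policy: drop everything else arriving from the WAN"

# forward chain: packets routed through the router
add chain=forward action=accept connection-state=established,related comment="accept established flows in both directions"
add chain=forward action=drop connection-state=invalid comment="drop invalid packets"
add chain=forward action=drop connection-state=new in-interface=ether1 connection-nat-state=!dstnat comment="default policy: drop new WAN->LAN flows unless a dst-nat rule admitted them"

/ip firewall nat
# srcnat: LAN hosts share the router's public address on the way out
add chain=srcnat action=masquerade out-interface=ether1 comment="source NAT for LAN traffic leaving via the WAN"
# dstnat: port forwarding of inbound HTTP to the internal web server
add chain=dstnat action=dst-nat protocol=tcp dst-port=80 in-interface=ether1 to-addresses=192.168.88.10 to-ports=80 comment="forward inbound HTTP to the internal web server"
```

Paste the script into the terminal (or `/import` it from a file) on a router that still has console access via the LAN side; the first two rules of each chain are ordered before the drops so that return traffic is never cut off. The forwarded HTTP flow is admitted because the dst-nat rule marks it `connection-nat-state=dstnat`, so the catch-all drop in the forward chain does not match it. `/ip firewall filter print stats` shows per-rule packet counters, which is the quickest way to confirm that a new rule is actually matching traffic and that the final drop rules are catching what you expect.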

Examples and Analogies

Example: Firewall Overview

Think of a firewall as a security guard at a gated community. Just as the guard controls who enters and exits the community, a firewall controls which network traffic is allowed to enter and leave the network.

Example: Firewall Rules

Consider firewall rules as a set of instructions for the security guard. For example, the guard might be instructed to allow residents to enter but block strangers. Similarly, firewall rules allow specific traffic while blocking others.

Example: Default Policies

Imagine default policies as the guard's default action when no specific instruction is given. If the guard's default policy is to block, they will block anyone who does not have explicit permission to enter.

Example: NAT (Network Address Translation)

Think of NAT as a mailroom that changes the return address on outgoing mail. When mail leaves the office, the mailroom changes the return address to the office's public address, ensuring that replies come back to the office.

Example: Port Forwarding

Consider port forwarding as a concierge service that directs guests to the correct room. When a guest arrives at the front desk asking for room 101, the concierge directs them to the correct room, even if the room is not directly accessible from the lobby.

By mastering firewall configuration, you can effectively secure your network, ensuring that only legitimate traffic is allowed while blocking unauthorized access and malicious activities.