MikroTik Certified Routing Engineer (MTCRE)

4 Traffic Rules Explained

1. Traffic Rules Basics

Traffic rules in MikroTik RouterOS are used to manage and control network traffic. They allow administrators to define specific actions for different types of traffic, ensuring efficient and secure network operations.

2. Key Concepts of Traffic Rules

a. Firewall Rules

Firewall rules are used to filter incoming and outgoing traffic based on various criteria such as source and destination IP addresses, ports, and protocols. These rules can allow, deny, or log traffic, providing granular control over network access.

For example, a firewall rule can be set to block all incoming traffic on port 22 (SSH) except from a specific IP address, ensuring that only authorized devices can access the SSH service.

Think of firewall rules as bouncers at a club who check IDs and allow or deny entry based on specific criteria.

b. NAT (Network Address Translation)

NAT rules are used to translate private IP addresses to public IP addresses, allowing multiple devices on a private network to access the internet using a single public IP address. NAT can be used for both source and destination address translation.

For instance, in a home network, NAT allows all devices to share a single public IP address provided by the ISP, while still being able to access the internet individually.

Imagine NAT as a translator who converts private language (private IP addresses) to public language (public IP addresses) so that everyone can understand and communicate.

c. Traffic Shaping

Traffic shaping rules are used to control the rate of traffic sent or received on a network interface. This ensures that critical applications receive the necessary bandwidth while preventing less important traffic from overwhelming the network.

For example, traffic shaping can be used to prioritize VoIP traffic over file transfers, ensuring that voice calls are not disrupted by other network activities.

Think of traffic shaping as a traffic cop who directs cars to different lanes based on their priority, ensuring smooth and efficient traffic flow.

d. Quality of Service (QoS)

QoS rules are used to prioritize different types of traffic based on their importance. This ensures that critical applications, such as VoIP and video conferencing, receive the necessary bandwidth and low latency, even during network congestion.

For instance, QoS can be configured to give higher priority to traffic from a video conferencing server, ensuring that video calls remain smooth and uninterrupted.

Imagine QoS as a VIP lane at an airport where important passengers (critical traffic) are given priority to ensure they reach their destination on time.

3. Practical Examples

Example 1: Firewall Rule for Secure SSH Access

To create a firewall rule that allows SSH access only from a specific IP address:

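/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address=192.168.1.10 action=accept
/ip firewall filter add chain=input protocol=tcp dst-port=22 action=drop

The first rule accepts SSH connections to the router from the IP address 192.168.1.10. The second rule drops SSH connections from all other IP addresses; it is needed because RouterOS accepts any packet that matches no rule, and it must come after the accept rule because rules are evaluated in order from top to bottom.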
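RouterOS evaluates a filter chain top to bottom and accepts a packet that no rule matches, so both the presence and the position of a drop rule decide whether the SSH restriction holds. The following added example (not part of the original page; the helper names, the drop rule string and the 203.0.113.7 test address are constructed for illustration) models that first-match behaviour for the SSH accept rule above:

```python
import ipaddress
import shlex

TERMINAL = {"accept", "drop", "reject"}  # actions that end chain processing

def parse_rule(line):
    """Parse one '/ip firewall filter add key=value ...' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def matches(rule, pkt):
    """True if every matcher present in the rule agrees with the packet."""
    if rule.get("chain") != pkt["chain"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and rule["dst-port"] != str(pkt["dst_port"]):
        return False  # single port only; ranges and lists are not modelled
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def verdict(rules, pkt):
    """First matching terminal rule wins; an unmatched packet is accepted."""
    for rule in rules:
        action = rule.get("action", "accept")
        if action in TERMINAL and matches(rule, pkt):
            return action
    return "accept"

ACCEPT_RULE = ("/ip firewall filter add chain=input protocol=tcp dst-port=22 "
               "src-address=192.168.1.10 action=accept")
# Assumed companion rule, constructed for this example.
DROP_RULE = "/ip firewall filter add chain=input protocol=tcp dst-port=22 action=drop"

accept_only = [parse_rule(ACCEPT_RULE)]
accept_then_drop = [parse_rule(ACCEPT_RULE), parse_rule(DROP_RULE)]
drop_then_accept = [parse_rule(DROP_RULE), parse_rule(ACCEPT_RULE)]

def ssh_from(src):
    """Constructed test packet: a new SSH connection to the router itself."""
    return {"chain": "input", "protocol": "tcp", "dst_port": 22, "src": src}

if __name__ == "__main__":
    for name, rules in [("accept only", accept_only),
                        ("accept then drop", accept_then_drop),
                        ("drop then accept", drop_then_accept)]:
        print(name, {s: verdict(rules, ssh_from(s))
                     for s in ("192.168.1.10", "203.0.113.7")})
```

With the accept rule alone, the outside address is still accepted; with the drop rule placed first, even 192.168.1.10 is locked out.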

Example 2: NAT Rule for Internet Sharing

To create a NAT rule that allows multiple devices on a private network to share a single public IP address:

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

This rule enables NAT on the router's external interface (ether1), allowing all devices on the private network to share the public IP address for internet access.

Example 3: Traffic Shaping Rule for VoIP Priority

To create a traffic shaping rule that prioritizes VoIP traffic:

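/queue simple add name=VoIPQueue target=192.168.1.0/24 priority=1/1 limit-at=1M/1M max-limit=2M/2M

This rule creates a simple queue for the VoIP network 192.168.1.0/24, guaranteeing it 1 Mbit/s (limit-at) and capping it at 2 Mbit/s (max-limit) in each direction. Queue priority in RouterOS runs from 1 (highest) to 8 (lowest, and the default), so priority=1/1 is what places this traffic ahead of other queues.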

Example 4: QoS Rule for Video Conferencing

To create a QoS rule that prioritizes traffic from a video conferencing server:

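/queue simple add name=video-conferencing target=<video-server-ip> priority=7/7

Priority is a property of a queue rather than of a queue type, so this rule creates a simple queue whose target is the video conferencing server (<video-server-ip> is a placeholder for its address). It sets the priority for video conferencing traffic to 7; on the RouterOS scale, where 1 is the highest priority and 8 is the lowest and the default, this ranks the traffic above queues left at the default during network congestion.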

4. Insightful Value

Understanding and configuring traffic rules in MikroTik RouterOS is essential for managing network traffic efficiently and securely. By mastering firewall rules, NAT, traffic shaping, and QoS, you can create a robust and flexible network infrastructure that meets the needs of various applications and environments.