I am trying to understand the packet flow diagram in the ref. manual.
After prerouting, the packet reaches a decision point where it goes either to the input chain or the forward chain.
I read in the section "filtering" that the decision is based upon whether the packet is addressed to an IP belonging to one of the router's input interfaces - or not. And here is the point where I am getting really confused and I hope you can bring me out of my misery.
How would a packet end up at the doorstep of my router if it is not addressed to an IP belonging to any of the interfaces of my router? Is that related to e.g. a PC on my LAN trying to send a packet to an external internet IP/URL, i.e. an outgoing packet from a LAN PC addressed to an internet address is processed through the forward chain?
Anyway, just to test it I entered a filter rule in the forward chain to drop everything. This caused almost all traffic to stop, and if the above is true then the reason would be that all traffic from my LAN to the internet was blocked - is that so? Or was the inbound traffic blocked?
How is it with traffic initiated from inside and statefully controlled? Will return inbound traffic be processed through the input - or the forward chain?
Guys - This keeps me awake at night and your comments and help will be sincerely appreciated.
Best regards, Pilgrim