MikroTik

Hello.
Please help me understand the Packet Flow.

We have:

Mikrotik Router with 2 network interfaces such as Ethernet, which are called LAN and Management
PPPoE connection to your ISP for Internet access. PPPoE server is located at the ISP, PPPoE connection is made through the Management interface:

ISP <-> | Modem in Bridge-mode | <-> | Management Interface -= Mikrotik =- LAN Interface | <-> LAN Network
Internet <-> PPPoE on Mikrotik through Management Interface

LAN interface is assigned a private IP address, called the LAN_ROUTER_IP
Management interface is assigned a private IP address, called the MANAGEMENT_ROUTER_IP
Using PPPoE Router gets a WAN IP address, name it WAN_ROUTER_IP

To access the Internet from the LAN is configured Src-NAT: add action = src-nat chain = srcnat comment = "" out-interface = PPPoE to-addresses = WAN_ROUTER_IP

A host from the LAN connects to some host on the Internet using HTTP protocol on port 80 on that host. The host of the LAN network called LAN_HOST_IP. Host on the Internet called WAN_HOST_IP.


Packet flow from LAN to Internet will be:

1. Packet from LAN_HOST_IP comes to the LAN interface of the router:
LAN_HOST_IP: 47850 -> WAN_HOST_IP: 80

Further works:
a) Prerouting: DO nothing
b) Forwarding: YES, the packet must be routed to the PPPoE interface of the router
c) Postrouting: DO SRC-NAT, change source IP to WAN_ROUTER_IP

2. Packet go to the PPPoE interface:
WAN_ROUTER_IP: 47850 -> WAN_HOST_IP: 80

Further works:
a) Prerouting: DO nothing
b) Forwarding: DO nothing
c) Postrouting: DO nothing

3. Packet leaves the PPPoE interface of the router


Packet flow from Internet to LAN, the host WAN_HOST_IP response

1. Packet from WAN_HOST_IP comes on PPPoE interface of the router:
WAN_HOST_IP: 80 -> WAN_ROUTER_IP: 47,850

Further works:
a) Prerouting: DO DST-NAT, change Destination IP to LAN_HOST_IP
b) Forwarding: YES, the packet must be routed to the LAN router interface
c) Postrouting: DO nothing

2. Packet go to LAN interface:
WAN_HOST_IP: 80 -> LAN_HOST_IP: 47,850

Further works:
a) Prerouting: DO nothing
b) Forwarding: DO nothing
c) Postrouting: DO nothing

3. Packet leaves the LAN interface of the router.

This is correct?

Detailed packet flow here: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

it depends on the config.

Detailed packet flow here: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

it depends on the config.

Thanks but this is not an answer on my question.This configuration was described in my question.

Packet flow from Internet to LAN, the host WAN_HOST_IP response

1. Packet from WAN_HOST_IP comes on PPPoE interface of the router:
WAN_HOST_IP: 80 -> WAN_ROUTER_IP: 47,850

Further works:
a) Prerouting: DO DST-NAT, change Destination IP to LAN_HOST_IP
b) Forwarding: YES, the packet must be routed to the LAN router interface
c) Postrouting: DO nothing

2. Packet go to LAN interface:
WAN_HOST_IP: 80 -> LAN_HOST_IP: 47,850 ###WAN_ROUTER_IP

Further works:
a) Prerouting: DO nothing
b) Forwarding: DO nothing
c) Postrouting: DO nothing

3. Packet leaves the LAN interface of the router.

This is correct?

The packet is doing:

prerouting->src-nat and postrouting if you use firewall... then go out. The same from in to out and out to in, but src nat or dst nat


The correct answer is: Not 100% ok.

Thanks. Maybe I'm wrong posed the question.
Clarify. Within the same connection how packet will pass through the network interface of the router? When (at what stage) the router replaces the IP address in the packet?


This is the right scheme described below?

Initial connection from LAN host to WAN host through router with Src-NAT:
LAN-Host -> Router (do Src-Nat with Src-IP replacement) -> WAN-Host

WAN-Host response to Router-WAN-IP and router do Dst-NAT and send packet to LAN Host:
WAN-Host -> Router (do Dst-Nat with Dst-IP replacement) -> LAN-Host

normis, this user is duplicated because he decreased my Karma with other account.. It's amazing that someone decreases Karma to someone trying to help...

Man, you get -5 more and... I'm watching you! : D!

User drdrdr has decreased your karma
drdrdr left comment:

If you do not have the answer, better be quiet.

[quote="Ibersystems"]normis, this user is duplicated because he decreased my Karma with other account.. It's amazing that someone decreases Karma to someone trying to help...

What other account?
I told you the truth, and you can not handle it. If somebody ask precise question he expects anwer, and not link to page that everybody has already seen.

You can't decrease karma to someone trying to help. Give us money and we will make the investigations and tests you must do.

You can start decreasing the karma to all other users that didn't helped to you too.

I can give minus if you waste my time.
You did not gave any help. You just sent link to packet flow diagram, and after that answered only that his assumption is not correct without any explanation.
I I spent my time reading that. My time is precious to me.
At the and you just have few more posts, and you rank is higher, and there is not any help at all.

And what is your explanation for giving me minus karma? Did I hurt your ego?

absolutely. Snif snif.

normis, this user is duplicated because he decreased my Karma with other account.. It's amazing that someone decreases Karma to someone trying to help...

Man, you get -5 more and... I'm watching you! : D!

User drdrdr has decreased your karma
drdrdr left comment:

If you do not have the answer, better be quiet.

What is this nonsense? On what grounds are you saying that? I think you are crazy on karma. This is noticeable in your signature...

Very mature.

Now I understood your strategy. Have as many posts as you can because it is good commercial for your business. But give only bait, and not give usable help so someone can hire you.
You and your friends, give me as many minuses as you can if that makes you happy. I do not care because I do not have commercial interest here. I thought thisi is community forum.

PS. I am not sure but I might been made honest mistake by giving minus to vSoul yesterday. I clicked wrong button. Sorry.

Good luck.