Akbar Habibillah
Akbar Habibillah

Latest posts by Akbar Habibillah (see all)

Understanding Firewall on Mikrotik Router

A firewall is a method / system / mechanism applied to both hardware, software or the system itself with the means to protect either by filtering, restricting or even refusing any or all relationships / activities of a segment on a private network with an outside network that is not space The scope. The segment can be a workstation, server, router, or local area network (LAN).

Inside the router mikrotik also features a firewall that serves to protect by dropping or mengaccept a packet that will enter, pass, or exit the router. In the firewall feature there are several directories are:

  • Mangle
  • Address-list
  • Filter
  • NAT
  • Export
  • Connection
  • Service-port

And now will be discussed about Network Address Translation. Because the NAT feature is the most commonly used, how to configure the firewall, see the following explanation:

Explanation firewall for NAT (Network Address Translation), NAT is in charge of changing the IP Address of the sender of a data packet. NAT is generally run on the routers that become the boundary between data packets originating from the local network user computers as if coming from the router.


In this network scenario, the Mikrotik Router will run NAT with action = masquerade, thus converting all data packets coming from a computer on the local network, as if it came from a router that has IP Adress This will cause the servers on the internet do not know that who access them is a router with IP Address ( the picture above )

This masquerade must be run by gateway routers to hide the Private IP Address that Semco-users use on the local network, so it is not visible from the internet. Private IP Address must be hidden, because on other local network allows IP Address also in use, if Semco-user does not do masquerade then computer with local network can not access internet.

Masquerade will hide the user’s computer in the local network as well as make the computer masked to IP Adress, so either the user computer,, or network Will be recognized on the internet as

And now we try to configure the router Mikrotik, there is one NAT command that can make the local network ( can access the internet, and the command as follows:

The above command is a command on a firewall on the Mikrotik router that instructs “if there is a user computer that will access the internet, masked on ether1”. While chain = srcnat, function ordered, “change the source address of,, or network from the local network to IP Address in ether1 if you want to go to internet”.


Leave a Reply

Your email address will not be published. Required fields are marked *