Is there a way to forward the DMZ (like a dlink) from a mikrotik rb411 w/3.30?
Sort of. There is no “forward to DMZ” button, but all such a button does in home routers is to NAT the WAN interface to a machine on the LAN, possibly exempting a few ports.
If you already have generic NAT (masquerade) set up the src-nat portion is done and all you have to is dst-nat. All the below examples are assuming dynamic WAN addresses.
You can either just forward a couple of ports:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=80 to-addresses=[INSIDE IP ADDRESS OF DMZ HOST]
Or everything but a few ports you want to terminate on the router so you can administrate it from the WAN:
/ip firewall nat
add chain=dstnat action=accept in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=22 comment="Keep tcp/22 for ssh on the router"
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] to-addresses=[INSIDE IP ADDRESS OF DMZ HOST] comment="And the rest goes to the DMZ host"
The NAT wiki is very detailed.
Brilliant!!
This worked perfectly.
Hello all,
I’m still trying to open a port I did as it was written above But the problem does not work
So why do not I load the site And after I go into winbox on / IP Firewall nat and there as you say above but the problem is that I see it does tricks yes site page does not open why somebody can help me