I have a RouteOS 6.28rc11 on RB Groove 52HPn. My configuration is this :
Router Groove is my access to the provider internet.
At this router is connected a switch (dummy, not managed).
To the switch are connected some computers… plus an AP for wifi.
A single lan is configured with dhcp and some static ip.
My wish is configure a dmz to expose a single computer of this lan. Or better if possible, configure another lan to expose in dmz, where place this computer or more than one.
There isn’t a regular DMZ option as you see in other routers.
Instead, you can create a firewall rule that works the same. It forwards all inbound connections to a given IP.
In IP > Firewall, add a NAT rule.
Chain=dst-nat, In. Interface: WAN, Action=dst-nat, to-Address= Your computer who should be in dmz.
This rule should be below other forward rules (but above and deny rules). IE: host1 is in the DMZ, but host2 is a web server. Your dst-nat rule that forwards port 80 to host2 should be above the DMZ rule.
For first, I’ve not any forward rules, ip > firewall > nat > print not show me any other rules, so that is not problem.
Your advice works quite well, now I’m able to get in touch to my host in dmz, BUT… something odds happens. Connection seem established, I’m prompted to insert password and I type it, it seem do something but come back to ask again password ?! Of course I’m sure about that, I test ssh connection locally in lan and everything it’s all right. So, I start to test putting my laptop in dmz for the while, to test with other host… but the behaviour it’s the same !
This lead me to think there is some other in configuration I’m missing, but I’m not able to understand what
again, any idea and advice of course are always welcome !
honestly is not clear to me so much due my lack knowledge about this router and firewall concept…
This router is configured with internal lan interface (ether1), an wifi interface (wlan1), an ppoe-out1 and a bridge1.
I solved setting the “In Interface=ppoe-out1” (first try was setting with “bridge1”, after router notified me that I couldn’t use wlan1 due it was slave to bridge1), everything worked fine.
If someone could me clarify me this, is welcome… for the while I’m quite glad to have solved
