Hi,
I have set up an RB4011 as my edge router. WAN - RB4011 (10.10.1.1) - Asus RT88 (192.168.1.1).
Currently Asus runs DNS, DHCP, firewall.
- How would I set up the firewall to secure the RB4011? This is what I have now:
/ip firewall filter
#forward
add chain=forward action=fasttrack-connection connection-state=established,related comment="FastTrack all forwarded established/related connections. Reduces CPU usage significantly."
add chain=forward action=drop connection-state=invalid comment="Drop invalid forwarded connections."
#input
add chain=input action=accept in-interface-list=MGMT comment="!!!LOCAL ACCESS DO NOT DELETE OR DISABLE!!! Allow traffic to router itself from MGMT port."
add chain=input action=accept in-interface-list=DMZ comment="!!!LOCAL ACCESS DO NOT DELETE OR DISABLE!!! Allow traffic to router itself from DMZ port."
add chain=input action=drop comment="Drop remaining traffic to router itself."
#output
- NAT port forwarding
I have set up a rule to forward all traffic to the Asus, but it seems that ports are not forwarded.
How do I get it to work so that ports are forwarded from the RB4011 to the client IP? I would need incoming port 48200 TCP to go through the Asus to 192.168.1.35.
On the Asus I have a few port forwarding rules set up to forward from 10.10.1.1 to 192.168.1.x.
On the RB4011 I have this:
/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=ONT comment="Send all traffic: DMZ -> ONT"
add chain=dstnat action=dst-nat in-interface-list=ONT to-addresses=10.1.10.2 comment="Send all traffic: ONT -> DMZ"
I’m new to MikroTik, so if anyone could be bothered to help me figure this out, I would much appreciate it.
cheers
Gnommon
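
An added example, not part of the original post: a RouterOS rule set that forwards only TCP 48200 from the ONT list to the Asus instead of every inbound connection, and lets the router receive replies to traffic it originates. It reuses the interface lists named in the post (MGMT, DMZ, ONT) and assumes 10.1.10.2, the address in the posted dst-nat rule, is the Asus WAN address; the Asus still needs its own forward of 48200 to 192.168.1.35.

```routeros
/ip firewall filter
# --- input: traffic addressed to the router itself ---
# Without this rule, replies to connections the router opens itself
# (DNS, NTP, update checks) arriving on ONT hit the final drop.
add chain=input action=accept connection-state=established,related \
    comment="Accept replies to router-originated connections"
add chain=input action=drop connection-state=invalid \
    comment="Drop invalid packets to the router"
add chain=input action=accept in-interface-list=MGMT \
    comment="Management access to the router"
add chain=input action=accept in-interface-list=DMZ \
    comment="DMZ access to the router"
add chain=input action=drop comment="Drop remaining traffic to the router"

# --- forward: traffic passing through the router ---
add chain=forward action=fasttrack-connection \
    connection-state=established,related comment="FastTrack established/related"
# Packets of a fasttracked connection that still take the slow path
# need an explicit accept once the chain ends in a drop.
add chain=forward action=accept connection-state=established,related \
    comment="Accept established/related"
add chain=forward action=drop connection-state=invalid \
    comment="Drop invalid forwarded packets"
# New connections from the WAN side pass only if a dst-nat rule matched them.
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface-list=ONT \
    comment="Drop WAN connections that were not port-forwarded"

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=ONT \
    comment="Masquerade DMZ -> ONT"
# Port-specific forward in place of the catch-all dst-nat.
# to-addresses is an assumption: it must be the Asus WAN address,
# reachable from the RB4011's DMZ interface.
add chain=dstnat action=dst-nat in-interface-list=ONT protocol=tcp \
    dst-port=48200 to-addresses=10.1.10.2 to-ports=48200 \
    comment="TCP 48200: ONT -> Asus"
```

Rule order matters in both chains, so these lines are meant to replace the posted rules rather than be appended after the existing final drop.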