Servers with Public IP behind a Firewall and with authenticated access

Hi All, I’m fairly new to MikroTik, not so new to networking, iptables, etc. But also not an expert. I need to deploy some 4 or 5 servers which need to have a public IP, I’m planning on giving them a private IP on a network just for them (ie. 10.100.1.XXX) and placing the 4 public IPs on a port in MT, then perform NAT on the servers. Also forward some ports (the “public” ports like 110, 25, 80, 443) to the servers (using the destination IP on the incoming packets to decide to which private IP I should send the packet).
What I can’t figure out well is which is the best way to have authentication and after being authenticated some other ports should also be forwarded (like say ssh, rdesktop, etc).

Now the questions are: is this the best approach to protect the servers only exposing the selected ports? Or is it better to just give them all public IPs and use an interface bridge?
In any case, what’s the recommendation to accomplish the authenticated opening of some ports?

Thanks a lot in advance.
Matute.

Well, the best way is to route public IPs to the servers, and then use Firewall Filter to allow only necessary ports.

Hm-m-m… L2TP to the router and then access protected ports over VPN? :)

Thanks for the answer Chupaka! OK about routing the public IPs, now about the VPN could be an option of course, I was kinda looking for something much simpler that would let me for example on a public computer which I don’t control and on which I have few privileges be able to rdesktop my server (ie, out there on a trip access my server from a cybercafe’s PC). I was looking into hotspot authentication, but I’m not sure that’s the best way…

Again, thanks for the answer.

Well, check this maybe: https://wiki.mikrotik.com/wiki/Port_Knocking

Hey! that looks great and I think it will perfectly fit my needs.

Looking forward to testing it soon!

Thanks a lot again.
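
The two suggestions in this thread (routed public IPs filtered on the router, plus port knocking for the management ports) combined into one RouterOS forward-chain ruleset. This is an added example, not configuration posted by anyone in the thread; the WAN interface name `ether1`, the documentation range 203.0.113.0/29, the knock ports 7001/7002, the list names and the timeouts are all assumptions.

```routeros
# Constructed example. Assumptions: ether1 is the WAN interface, the servers
# hold routed public IPs inside 203.0.113.0/29, knock ports are 7001 then 7002.

/ip firewall address-list
add list=servers address=203.0.113.0/29 comment="routed public IPs of the servers"

/ip firewall filter
# Keep already-permitted sessions working, discard packets with no valid state.
add chain=forward connection-state=established,related action=accept \
    comment="allow replies and existing sessions"
add chain=forward connection-state=invalid action=drop \
    comment="drop invalid packets"

# Public services from the original post: SMTP, HTTP, POP3, HTTPS.
add chain=forward in-interface=ether1 dst-address-list=servers protocol=tcp \
    dst-port=25,80,110,443 action=accept comment="public ports"

# Knock stage 1: a new connection attempt to 7001 records the source for 15 s.
# add-src-to-address-list does not accept the packet; it falls through to the drop.
add chain=forward in-interface=ether1 dst-address-list=servers protocol=tcp \
    dst-port=7001 connection-state=new action=add-src-to-address-list \
    address-list=knock-stage1 address-list-timeout=15s comment="knock 1"

# Knock stage 2: only sources still in knock-stage1 are promoted, for one hour.
add chain=forward in-interface=ether1 dst-address-list=servers protocol=tcp \
    dst-port=7002 connection-state=new src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=knock-ok \
    address-list-timeout=1h comment="knock 2"

# Management ports (SSH, RDP) only for sources that completed the sequence.
# Sessions opened within the hour stay up afterwards via the established rule.
add chain=forward in-interface=ether1 dst-address-list=servers protocol=tcp \
    dst-port=22,3389 src-address-list=knock-ok action=accept \
    comment="ssh/rdp after knock"

# Default deny for everything else arriving from the internet for the servers.
add chain=forward in-interface=ether1 dst-address-list=servers action=drop \
    comment="drop the rest"
```

Rule order matters here: the knock rules must sit above the final drop, and the management accept rule must match on `knock-ok` rather than on `knock-stage1`. The knock sequence travels in cleartext, so SSH and RDP on the servers still rely on their own authentication.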