I am actually trying to decide on whether or not to pick up a MikroTik Router Switch. I need a simple DMZ setup guide though. The person I am planning to get this for likes simple, easy, one-click setups and I am trying to get him out of that mindset as much as possible without warding him off the idea.
His needs are specific and his current Cisco E1200 router is causing problems (Buffer Bloat, unstable, etc.). His ISP charges an extra $100 for a static IP, so he abstains from a static IP. Instead he uses No-IP DDNS for easy access to his network. So he is on a dynamic IP from the ISP.
His network setup is as such for DMZ:
He needs the game server on the left to be behind a DMZ, while the server on the right sits behind a VPN server. The rest of the machines on the network use the network as normal. He runs a game server for a gaming community.
How can this be done in the simplest fashion?
Also, the router needs to be set up to counter Buffer Bloat.
He has an unmetered Business connection from his ISP.
100% better LOL.
I am trying in effect to do the same: two LANs, one for the main bulk of PCs, one for a DMZ-type LAN with a separate purpose, and no access between the LANs both ways.
I don't have a VPN setup, but I am confused by the terminology "VPN server"?
I suppose what you mean is that the ACTUAL server (type not stated) is connected to the Internet via VPN, and the router is being used to set up the VPN connection? OR
Do you mean you have a PC acting as a VPN server before the actual server??
As for the two LANs (primary and DMZ), I am at the very basic stage of trying to sort out what the deal is with bridges, INTERFACE List, neighbour discovery and how they all interact.
I understand that the MikroTik considers all of the ports as separate interfaces, and not connected.
If you put two interfaces onto the same bridge then it's like they are connected (layer 2?)?
I am not clear on the difference between two interfaces on the same bridge or two interfaces (one on a bridge one not, or two different bridges) where they are both described as being part of the LAN on the interface list. How are they connected then compared to being on the same bridge??