Something simple I am sure BUT

Hello all
I am new to MikroTik products and installed my first RouterBoard last night.
All is working well as it's a new FTTC connection so the customer is impressed with the speed.

The issue I have, which is a major one for them, is RDP is not working.

The setup is WAN into the RouterBoard; the ether 5 port is connected to a Netgear UTM for all virtual servers, VPN, etc.
The VPN to the remote site to another Netgear UTM is working OK now I have changed the public addresses.
BUT the RDP sessions from external to, i.e., their server or other machines for the accountant, MD and his PA are not working.

Basically all traffic flows from the WAN to Ether 5 then through the UTM

What am I missing to allow the RDP to work?

Previously they had a slow ISP router which had a DMZ setup to point everything to the UTM

You can make a “dmz host” in Mikrotik firewall:

/ip firewall nat add chain=dstnat dst-address-type=local in-interface=ether1 action=dst-nat to-address=x.x.x.x

This assumes that ether1 is your WAN interface, and that x.x.x.x is the DMZ host.

You will also need to create a firewall filter rule to allow whatever ports:

/ip firewall filter add chain=forward protocol=tcp dst-port=80,443,etc,etc dst-address=x.x.x.x action=accept

Make sure that this rule comes before any default drop/reject rules.

Ether 1 is the WAN and I called Ether5 DMZ, which is plugged into the UTM.

I added
ip firewall nat add chain=dstnat dst-address-type=local in-interface=ether1 action=dst-nat to-address=192.168.1.2
and
ip firewall filter add chain=forward protocol=tcp dst-port=80,443,3389,33389,1701,3443,37777,33390,33391 dst-address=192.168.1.2 action=accept

192.168.1.2 is the WAN UTM address with Ether 5 being 192.168.1.1

ip firewall nat
add action=dst-nat chain=dstnat comment="RDP UDP NAT Rule" dst-port=xxxxx in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.2 to-ports=xxxxx
add action=dst-nat chain=dstnat comment="RDP TCP NAT Rule" dst-port=xxxxx in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=xxxxx

These NAT entries solved it. I added one for each required forward and all is happy now.

Thanks for the help :smiley: :smiley:
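
Added example (not part of the thread and not MikroTik code): a small Python check for the advice above that the forward accept rule must come before any default drop/reject rule. It parses RouterOS export-style text and lists dst-nat forwards with no matching accept ahead of the first drop; the sample rules are constructed, port 3389 stands in for the elided ports, and treating any forward drop/reject as shadowing later accepts is a simplifying assumption.

```python
import shlex
# Constructed sample in RouterOS export style (not from the thread); 3389 replaces the elided ports.
SAMPLE = """\
/ip firewall nat
add action=dst-nat chain=dstnat comment="RDP TCP" dst-port=3389 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.2 to-ports=3389
add action=dst-nat chain=dstnat comment="RDP UDP" dst-port=3389 in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.2 to-ports=3389
/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.2 dst-port=80,443,3389 protocol=tcp
add action=drop chain=forward in-interface=pppoe-out1
add action=accept chain=forward dst-address=192.168.1.2 dst-port=3389 protocol=udp
"""

def parse_export(text):
    """Return {menu: [rule dict, ...]}; list order is evaluation order."""
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            rule = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            menus.setdefault(menu, []).append(rule)
    return menus

def ports(spec):
    """Expand a RouterOS port list such as '80,443,3389-3391' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def unreachable_forwards(text):
    """dst-nat rules with no forward accept (on the translated address/port) before the first drop."""
    menus = parse_export(text)
    allowed = []
    for r in menus.get("/ip firewall filter", []):
        if r.get("chain") == "forward" and r.get("action") in ("drop", "reject"):
            break  # simplification: any forward drop/reject shadows later accepts
        if r.get("chain") == "forward" and r.get("action") == "accept" and "dst-port" in r:
            allowed.append(r)
    missing = []
    for n in menus.get("/ip firewall nat", []):
        if n.get("action") != "dst-nat" or "to-ports" not in n:
            continue
        if not any(a.get("protocol") == n.get("protocol")
                   and a.get("dst-address") == n.get("to-addresses")
                   and ports(n["to-ports"]) <= ports(a["dst-port"]) for a in allowed):
            missing.append((n.get("protocol"), n["to-addresses"], n["to-ports"]))
    return missing
```

On the constructed sample, `unreachable_forwards(SAMPLE)` reports the UDP forward, because its accept rule sits after the drop rule.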