Hi
I am setting up a 3011 router. Internet access works on all my devices, so that part works great. I have also made a separate network for my server, which hosts a web and mail server.
The server is running its own firewall, so I just want to put the server in a DMZ. How can I do that?
Here is my config.
# apr/15/2021 12:00:34 by RouterOS 6.49beta27
# software id = 61BP-NFIR
#
# model = RB3011UiAS
# serial number = E14E0D97D028
#
# NOTE(review): the software id and serial number above identify the device;
# redact them when sharing an export publicly.
# NOTE(review): 6.49beta27 is a beta build. For a router that faces the
# Internet, a stable or long-term release is the usual choice.

# Two bridges: "local" for the user LAN, "server" for the web/mail host.
/interface bridge
add name=local
add name=server
# Interface lists. They are populated further down but no firewall rule in this
# export references them; every rule matches in-interface=ether1 directly.
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools for the two DHCP servers.
# NOTE(review): dhcp_pool1 and dhcp_pool2 have identical ranges, and only
# dhcp_pool2 is used by a DHCP server below; dhcp_pool1 looks like a leftover.
/ip pool
add name=dhcp ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.150.2-192.168.150.254
add name=dhcp_pool2 ranges=192.168.150.2-192.168.150.254
# One DHCP server per bridge.
# NOTE(review): dhcp2 has relay=192.168.150.1, which is the router's own
# address on the "server" bridge. With a non-zero relay, RouterOS is documented
# to answer only requests forwarded by that relay, so a directly attached host
# may not get a lease. Confirm, and unset relay if no DHCP relay is in use.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=local name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=server name=dhcp2 relay=\
192.168.150.1
# ether2-ether5 form the user LAN; ether6 is the only port on the server bridge.
/interface bridge port
add bridge=local interface=ether2
add bridge=local interface=ether3
add bridge=local interface=ether4
add bridge=local interface=ether5
add bridge=server interface=ether6
# ether1 is the WAN uplink. The "server" bridge is not a member of any list.
/interface list member
add interface=ether1 list=WAN
add interface=local list=LAN
# Router addresses: gateway for each of the two internal subnets.
/ip address
add address=192.168.88.1/24 interface=local network=192.168.88.0
add address=192.168.150.1/24 interface=server network=192.168.150.0
# The WAN address is obtained via DHCP from the upstream network.
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1
add address=192.168.150.0/24 dns-server=1.1.1.1 gateway=192.168.150.1
# Filter rules. Every rule below is chain=input, i.e. it applies only to
# traffic addressed to the router itself. Rules are evaluated top to bottom.
#
# NOTE(review): there are no chain=forward rules in this export, and the
# default when no rule matches is accept. Routed traffic between ether1,
# "local" and "server" is therefore not filtered by the router. In particular
# the server subnet can open connections into 192.168.88.0/24. For the server
# network to behave as a DMZ, the forward chain would need to accept
# established,related, allow WAN traffic only when connection-nat-state=dstnat,
# and drop new connections from the "server" bridge to the "local" bridge.
/ip firewall filter
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="allow ICMP" in-interface=ether1 \
protocol=icmp
# NOTE(review): the next two rules expose Winbox (8291) and SSH (22) on the WAN
# interface to any source address. Restricting them with src-address or
# src-address-list, or reaching management over a VPN, narrows that exposure.
# Also, "port=" matches when either the source or the destination port equals
# the value; dst-port= is the stricter matcher for an inbound service.
add action=accept chain=input comment="allow Winbox" in-interface=ether1 \
port=8291 protocol=tcp
add action=accept chain=input comment="allow SSH" in-interface=ether1 port=22 \
protocol=tcp
# Final input rule: anything else arriving on ether1 for the router is dropped.
# Input from "local" and "server" matches no drop rule and is accepted.
add action=drop chain=input comment="block everything else" in-interface=\
ether1
# NAT. srcnat and dstnat are separate chains, so the position of the dst-nat
# rule relative to the masquerade rule does not affect how either is matched.
/ip firewall nat
# Source-NAT everything leaving through the WAN uplink.
add action=masquerade chain=srcnat out-interface=ether1
# Forward inbound TCP/80 on the WAN to the server. No to-ports is given, so the
# destination port stays 80. Only HTTP is forwarded here; HTTPS and mail ports
# have no dst-nat rule in this export. dst-nat'ed traffic passes through
# chain=forward, not chain=input, so the input rules above do not apply to it.
# NOTE(review): 192.168.150.100 lies inside dhcp_pool2's range; a static lease
# or an address outside the pool keeps the forwarding target stable.
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
to-addresses=192.168.150.100
/system clock
set time-zone-name=Europe/Oslo
Do I need to move the last rule up?
Best regards
The newbie