Hi all,

I have been trying to find information on what to put in the firewall for basic rules. Here is what I need:

External WAN ETH1
Internal LAN ETH2
DHCP on ETH2
10.1.1.0/24 on ETH2
nat outbound traffic from LAN to WAN using WAN's IP.
Allow inbound from WAN to LAN for winbox managing
port forward 446 to 10.1.1.5
portforward 3389 to 10.1.1.6

tahnks for your help

External WAN ETH1

Default config

Internal LAN ETH2

Default config

DHCP on ETH2

Default config

10.1.1.0/24 on ETH2

You'll need to change the various LAN addresses from the default of 192.168.88.x to 10.1.1.x. There are 3 main places.

• /ip address for ether2-local-master
  /ip dhcp-server network
  /ip pool for default-dhcp

nat outbound traffic from LAN to WAN using WAN's IP.

Default config

Allow inbound from WAN to LAN for winbox managing

Not actually to the LAN, but to the router itself. Do you really need to manage the router from the WAN side, rather than from a machine on the LAN? This will involve adding a simple accept rule to the input chain. I'd strictly limit the source addresses allowed.

port forward 446 to 10.1.1.5
port forward 3389 to 10.1.1.6

You'll need to add a couple of /ip firewall nat rules to map those ports in and a couple of accept rules in the forward chain. Be careful though, RDP is currently a *very* popular service to attack.

BTW - What hardware are you using? The defaults about are true for models like the RB750, RB450, ... but may not hold for all.

Exactly, im using the x86 PC version of 5.6

Im installing this in a ESXi host.

There is no default setup, so I need to enter everything manualy.

Is there a howto on basic setup of firewall rules? At least that would get me started.