Community discussions

MikroTik App
 
busa1300
newbie
Topic Author
Posts: 35
Joined: Wed Dec 28, 2005 11:15 pm
Location: Indiana, USA

How to forward DMZ

Wed Feb 03, 2010 4:01 pm

Is there a way to forward the DMZ (like a dlink) from a mikrotik rb411 w/3.30?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to forward DMZ

Wed Feb 03, 2010 11:22 pm

Sort of. There is no "forward to DMZ" button, but all such a button does in home routers is to NAT the WAN interface to a machine on the LAN, possibly exempting a few ports.

If you already have generic NAT (masquerade) set up the src-nat portion is done and all you have to is dst-nat. All the below examples are assuming dynamic WAN addresses.

You can either just forward a couple of ports:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=80 to-addresses=[INSIDE IP ADDRESS OF DMZ HOST]
Or everything but a few ports you want to terminate on the router so you can administrate it from the WAN:
/ip firewall nat
add chain=dstnat action=accept in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=22 comment="Keep tcp/22 for ssh on the router"
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] to-addresses=[INSIDE IP ADDRESS OF DMZ HOST] comment="And the rest goes to the DMZ host"
The NAT wiki is very detailed.
 
isaacu
newbie
Posts: 49
Joined: Thu Oct 28, 2010 8:18 pm

Re: How to forward DMZ

Fri Mar 14, 2014 3:24 am

Brilliant!!
This worked perfectly.
 
nook1y
just joined
Posts: 3
Joined: Wed May 31, 2017 12:16 pm

Re: How to forward DMZ

Wed May 31, 2017 12:23 pm

Sort of. There is no "forward to DMZ" button, but all such a button does in home routers is to NAT the WAN interface to a machine on the LAN, possibly exempting a few ports.

If you already have generic NAT (masquerade) set up the src-nat portion is done and all you have to is dst-nat. All the below examples are assuming dynamic WAN addresses.

You can either just forward a couple of ports:
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=80 to-addresses=[INSIDE IP ADDRESS OF DMZ HOST]
Or everything but a few ports you want to terminate on the router so you can administrate it from the WAN:
/ip firewall nat
add chain=dstnat action=accept in-interface=[WAN INTERFACE NAME] protocol=tcp dst-port=22 comment="Keep tcp/22 for ssh on the router"
add chain=dstnat action=dst-nat in-interface=[WAN INTERFACE NAME] to-addresses=[INSIDE IP ADDRESS OF DMZ HOST] comment="And the rest goes to the DMZ host"
The NAT wiki is very detailed.

Hello all,,
I'm still trying to open a port I did as it was written above But the problem does not work
So why do not I load the site And after I go into winbox on / IP Firewall nat and there as you say above but the problem is that I see it does tricks yes site page does not open why somebody can help me

Who is online

Users browsing this forum: Bing [Bot], keithy, Kindis, phili76, Renfrew, sindy and 89 guests