MikroTik

Hi all
I want to creat a network with three area: WAN, LAN and DMZ
my question is: witch rules should i put in the firewall to setup this configuration?
Any body have an exemple or tutorial for that?
Thx

I'm not sure what do you mean by three areas, but to configure DMZ you should use the following in your firewall:

ip firewall nat add chain=dst-nat dst-address=103.x.x.x action=dst-nat to-address=192.168.1.x

If I understood you correctly.

Regards.

Dear Friend,

Well, I understand your requests on fully setting up your Router OS as a firewall box which sits in between WAN = Internet, DMZ = Server Farm and LAN = Local Network.

I did post a request on this a couple of months ago and search the wiki but no one seems to be helpful enough to guide us?

All the answers we get is "Read the Manual".... Which I think is too cryptic for a newbie to understand.

Mind you, no one have a full write out example with pictures and diagram illustration on how to setup a corporate standard firewall yet!

So, too bad we have to learn it ourselves and if you are kind enough then you may take you time to properly document it and post it at here and wikipedia.

I myself almost gave up the firewall setup thing since there is no wizard guided tool as compare to he hotspot wizard tool in RouterOS ver 2.9.xx onwards.

I might use open source linux firewall solution if I can't find anyhelp here!

Thanks anyway!

;-(

Rodney

Rodney,

DMZ would be a NAT rule in the firewall settings. This is where you can configure what internal ip is linked to the public ip address(es).

When it comes to the firewall settings for the router.

INPUT - Would be for all the traffic entering your router. Which i would advise you to use the rules on the bottom of http://wiki.mikrotik.com/wiki/Securing_your_router

Forward - This would be for all the traffic coming from the internet to your pc's and the other way around. (This is where your LAN traffic would be). So if you want to block ports, p2p, or whatever this is the section in the firewall rules that you would want to setup this.

If you post what kind of things you are trying to do, we can help you more.

Hello,

i'm a new with MT. I would like to setup web server in my LAN which already have SQL server, Domain server and DNS,DHCP server.
My concern is security! In that mater i want to setup web server in DMZ zone with web application which will communicate ONLY with SQL server for generating reports into web pages.

I have MT750GL with one free port, two wan and two LAN are in use.
I will be grateful for help on how to setup MT.

BR
Dusan

Hello,

i'm a new with MT. I would like to setup web server in my LAN which already have SQL server, Domain server and DNS,DHCP server.
My concern is security! In that mater i want to setup web server in DMZ zone with web application which will communicate ONLY with SQL server for generating reports into web pages.

I have MT750GL with one free port, two wan and two LAN are in use.
I will be grateful for help on how to setup MT.

BR
Dusan