Hi there,
What im trying to do is, DMZ all traffic to a local host including ping requests. I also want to hide my RB from trace-routes... Is this possible?
Thanks,
Re: DMZ ping and hide from traceroute?
Sure it is. First is simple dstnat, same thing like when you forward ports, only you skip protocol and it will take all. And for second, use mangle to increase ttl by one, and block ttl exceeded packets from RB to client using filter in output.
Re: DMZ ping and hide from traceroute?
Thanks Sob, I get the first dst-nat part but don't get the second. Would you have an example command for this?Sure it is. First is simple dstnat, same thing like when you forward ports, only you skip protocol and it will take all. And for second, use mangle to increase ttl by one, and block ttl exceeded packets from RB to client using filter in output.
Re: DMZ ping and hide from traceroute?
In fact, dropping packets is not necessary, just change TTL. For example, this will cause client 192.168.80.10 to not see router in traceroute:
Code: Select all
/ip firewall mangle
add action=change-ttl chain=prerouting new-ttl=increment:1 passthrough=yes src-address=192.168.80.10Re: DMZ ping and hide from traceroute?
Awesome! thanks Sob.In fact, dropping packets is not necessary, just change TTL. For example, this will cause client 192.168.80.10 to not see router in traceroute:
Code: Select all/ip firewall mangle add action=change-ttl chain=prerouting new-ttl=increment:1 passthrough=yes src-address=192.168.80.10
Ill give it a test tonight
Re: DMZ ping and hide from traceroute?
I'm a newbie and wanted to hide my ISP Router. Can you provide a physical configuration for Mikrotik Thank you in advance...