How To Configure DMZ In Mikrotik Router?
DMZ is short for Demilitarized Zone. A DMZ keeps the internal network safe from external networks by holding the servers that face them, such as web servers (HTTP), email servers (SMTP), FTP servers, and DNS servers, in a network of its own. You can create and configure a DMZ on a Mikrotik router, and here we are going to create a Linux firewall with three Ethernet ports. Carry out the steps below to configure a DMZ in a Mikrotik router.
Configure Your DMZ In Mikrotik Router
For our purpose, let us assume the following:
- The first port (eth1) IP address: 10.252.108.14; obtained from the DHCP EEPIS server
- The second port (eth2) IP address: 192.168.2.1; connected to the DMZ server
- The third port (eth3) IP address: 192.168.1.1; used for the private network
Use Winbox, a remote GUI, to configure the Mikrotik router. Now, continue reading to know how to configure DMZ in Mikrotik router.
- You need to log in to the Mikrotik router and then connect the router and the EEPIS server.
- Next, make sure eth1 gets its DHCP connection from the EEPIS server.
- Open the Terminal and check the results of all the interfaces using the below command.
- interface print
- Assign the private IP address ‘192.168.1.1’ to eth3, which is used by the private network, and verify the settings.
- ip address add address=192.168.1.1/24 interface=ether3
- ip address print
- Now, assign the gateway IP address to eth1. This will be a public IP address. Let us consider ‘10.252.108.1’ to be the gateway IP address.
- ip route add gateway=10.252.108.1
- ip route print
- Assigning the DNS server ‘202.9.85.3’ (the EEPIS DNS server) is the first step in creating a DHCP server. Also, change the remote requests option to Yes so that the router's DNS server will accept and process requests from the network.
- ip dns set servers=202.9.85.3
- ip dns set allow-remote-requests=yes
- ip dns print
- Once the remote requests are activated, the router will respond to TCP and UDP DNS requests on the port 53.
- Following that, create the DHCP server for eth3 using the network space ‘192.168.1.0/24’, with the ‘192.168.1.1’ gateway and the EEPIS DNS server that is already set.
- You will be prompted to select the DHCP server interface. Here you have to input ether3.
- Next, assign the IP address ‘192.168.2.1’ to eth2.
- ip address add address=192.168.2.1/24 interface=ether2
- Add the source NAT (srcnat) rule. The source IP address and port of the data change while routing from the network ‘192.168.1.0/24’ to ‘10.252.108.14’ of the router.
- ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
- To prepare the web service, add a destination NAT (dstnat) rule that sends TCP traffic from all sources to the destination IP ‘10.252.108.14’ on port 80 to ‘192.168.2.2’ on port 80.
- ip firewall nat add chain=dstnat src-address=0.0.0.0/0 dst-address=10.252.108.14 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.2 to-ports=80
And finally, you now know how to configure DMZ in a Mikrotik router.
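The steps above set up addressing, DHCP, DNS and NAT, but no filter rules, so the router still routes freely between the DMZ and the private network. The following rules are an added example, not part of the original article, showing one way to enforce the separation. They assume ether1 is the outside interface holding 10.252.108.14, that the filter table is empty, and that the router is administered from the private network on ether3.

```routeros
# Added example, not from the original article.
# Assumed: ether1 = outside (10.252.108.14), ether2 = DMZ (192.168.2.0/24),
# ether3 = private LAN (192.168.1.0/24), filter table empty, and the router
# is administered from the private LAN.
/ip firewall filter

# forward chain: traffic routed through the router
add chain=forward connection-state=established,related action=accept \
    comment="replies to connections already allowed"
add chain=forward connection-state=invalid action=drop \
    comment="packets that belong to no tracked connection"
# Outside to DMZ: only connections translated by the dstnat rule (TCP 80)
add chain=forward in-interface=ether1 out-interface=ether2 protocol=tcp \
    dst-address=192.168.2.2 dst-port=80 connection-nat-state=dstnat \
    action=accept comment="published web server"
# The private LAN may open connections to the DMZ and to the outside
add chain=forward in-interface=ether3 action=accept comment="LAN outbound"
# The DMZ may reach the outside but may never open a connection to the LAN
add chain=forward in-interface=ether2 out-interface=ether1 action=accept \
    comment="DMZ outbound"
add chain=forward action=drop comment="default deny, includes DMZ to LAN"

# input chain: traffic addressed to the router itself
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop
add chain=input protocol=icmp action=accept comment="ping and path MTU"
# allow-remote-requests=yes makes the router answer DNS on every interface,
# so port 53 is opened to the LAN and the DMZ only
add chain=input in-interface=ether3 action=accept \
    comment="LAN: Winbox, DNS, DHCP"
add chain=input in-interface=ether2 protocol=udp dst-port=53 action=accept \
    comment="DMZ: DNS only"
add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=accept \
    comment="DMZ: DNS only"
add chain=input action=drop comment="default deny, includes DNS from ether1"
```

RouterOS evaluates each chain from top to bottom, so the accept rules must stay above the final drop rule of their chain.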