Configure Your DMZ In Mikrotik Router
For our purpose, let us assume the following:
- The first port (eth1) IP address: 10.252.108.14; obtained from the DHCP EEPIS server
- The second port (eth2) IP address: 192.168.2.1; connected to the DMZ server
- The third port (eth3) IP address: 192.168.1.1; used for the private network
Use Winbox, a remote GUI, to configure the Mikrotik router. Now, continue reading to know how to configure DMZ in Mikrotik router.
- You need to log in to the Mikrotik router and then connect the router and the EEPIS server.
- Next, make sure the eth1 gets DHCP connection from the EEPIS server.
- Open the Terminal and check the results of all the interfaces using the below command.
- interface print
- Assign the private IP address ‘192.168.1.1’ to the eth3, that is to be used by the private network, and verify the settings.
- ip address add address=192.168.1.124 interface-ether3
- ip address print
- Now, assign the gateway IP address to eth1. This will be a public IP address. Let us consider ’10.252.108.1’ to be the gateway IP address.
- ip route add gateway=10.252.108.1
- ip route print
- Assigning the DNS server ‘202.9.85.3’ --- the EEPIS DNS server --- is the first step in creating a DHCP server. Also, change the remote request option to Yes so that the DNS server will allow and process requests for the network.
- ip dns set servers=202.9.85.3
- ip dns set allow-remote-request=yes
- ip dns print
- Once the remote requests are activated, the router will respond to TCP and UDP DNS requests on the port 53.
- Following that, create DHCP for eth3 using the network space ‘192.168.1.0/24’ on the EEPIS DNS server, which is already set along with the ‘192.168.1.1’ gateway.
- ip dhcp-server setup
- Now, you will be prompted to select the dhcp server interface. Here you have to input ether3.
- Next, assign IP ‘192.168.2.1’ for the eth2.
- ip address add address=192.168.2.1/24 interface=ether2
- Add the NAT or srcnat sources. The IP address and port of the data changes while routing from the network ‘192.168.1.0/24’ to ‘10.255.108.114’ of the router.
- ip firewall nat add chain=scrnat action=masquerade out-interface
- To all the sources of destination IP ’10.252.108.14’ on TCP to the ‘192.168.2.2.80’ on port 80, add destination NAT or dstnat to prepare the web service.
- ip firewall nat add chain=dstnat src-address=0.0.0.0/0 dat-address=10.252.108.14 protocol=tcp port=80 action=dst-nat tc-addresses=192.168.2.2 to-ports=80 And finally you will know how to configure DMZ in Mikrotik router.