MikroTik Easy and Simple DMZ

Whilst going through the MikroTik forums I noticed a post asking about DMZ, whilst this in itself is very easy if you know what you are doing with RouterOS. It may not be if you are new or not well versed in it. Below is my simple “one liner” to get a DMZ working to an IP of your choice. This should be relatively safe to use if you are on the LAN side as it will only push traffic coming to you through your WAN interface. Also note that it will not work for any local requests that need to go through NAT.

/ip firewall nat
add action=dst-nat chain=dstnat comment="DMZ rule [edit the \"in interface\" to your WAN connection and the \"to address\" to your LAN IP]." in-interface=WAN-IN to-addresses=

Simple. More to come so you can actually get a handle on controlling other services that you may not want to go through the DMZ.


Quick site update

So I’ve not posted anything on my blog for a while. Life has been busy with the arrival of both another beautiful baby girl and the very recent furry baby girl. The family life has been fairly hectic. I have though been pressing on and doing a lot of cool Mikrotik oriented stuff, policy based routing, dynamic hairpin nat and I’ve also recently stepped over into the wonderful world of virtualisation and started my own CHR instance!

I’ve also had a huge internet service upgrade (thankyou so much to my ISP).

I have a few tutorials planned out and that are starting to hit the paper/screen and getting ready for polish. Tie that into a complete man cave rework and total redecoration and move around to try and enable me to make more and better video and streaming content.

Good stuff to come!