DMZ is short for Demilitarized Zone. A DMZ keeps the internal network safe from any external network, and for this purpose it hosts its own web servers (HTTP), email servers (SMTP), FTP servers, and DNS servers. You can create and configure a DMZ on a MikroTik router, and here we are going to create a Linux firewall with three Ethernet ports. Follow the steps below to configure a DMZ on a MikroTik router.
Next, make sure eth1 gets a DHCP connection from the EEPIS server.
Open the Terminal and check the results of all the interfaces using the below command.
Assign the private IP address ‘192.168.1.1’ to the eth3, that is to be used by the private network, and verify the settings.
ip address add address=192.168.1.1/24 interface=ether3
ip address print
Now, assign the gateway IP address to eth1. This will be a public IP address. Let us consider ‘10.252.108.1’ to be the gateway IP address.
ip route add gateway=10.252.108.1
ip route print
Assigning the DNS server ‘220.127.116.11’ (the EEPIS DNS server) is the first step in creating a DHCP server. Also, change the remote requests option to yes so that the router will allow and process DNS requests for the network.
ip dns set servers=18.104.22.168
ip dns set allow-remote-requests=yes
ip dns print
Once remote requests are activated, the router will respond to TCP and UDP DNS requests on port 53.
Following that, create a DHCP server for eth3 using the address space ‘192.168.1.0/24’, with the EEPIS DNS server that is already set and ‘192.168.1.1’ as the gateway.
ip dhcp-server setup
Now, you will be prompted to select the DHCP server interface. Enter ether3 here.
Next, assign the IP address ‘192.168.2.1’ to eth2.
ip address add address=192.168.2.1/24 interface=ether2
Add the source NAT (srcnat) rule. The source IP address and port of the traffic change as it is routed from the network ‘192.168.1.0/24’ to ‘10.255.108.114’ on the router.
ip firewall nat add chain=srcnat action=masquerade out-interface
To prepare the web service, add a destination NAT (dstnat) rule that sends TCP traffic from all sources with destination IP ‘10.252.108.14’ on port 80 to ‘192.168.2.2’ on port 80.
ip firewall nat add chain=dstnat src-address=0.0.0.0/0 dst-address=10.252.108.14 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.2.2 to-ports=80
That completes the DMZ configuration on the MikroTik router.
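The NAT rules above publish the web server but do not by themselves restrict which network may open connections to which. The following filter rules are an added example, not part of the original tutorial. They assume ether1 is the upstream port, ether2 the DMZ (192.168.2.0/24) and ether3 the private LAN (192.168.1.0/24), as in the steps above, and that the router has no other filter rules.

```routeros
# Added example. Interface roles and addresses are taken from the steps above:
#   ether1 = upstream, ether2 = DMZ (192.168.2.0/24), ether3 = private LAN (192.168.1.0/24)
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input connection-state=established,related action=accept comment="replies to the router's own traffic"
add chain=input connection-state=invalid action=drop
add chain=input protocol=icmp action=accept
add chain=input in-interface=ether3 action=accept comment="LAN: management, DHCP, DNS"
add chain=input in-interface=ether2 protocol=udp dst-port=53 action=accept comment="DMZ: router DNS only"
add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=accept
# allow-remote-requests=yes makes the router answer DNS on every interface;
# this final rule keeps it from answering queries that arrive on ether1.
add chain=input action=drop comment="drop everything else to the router"

# --- forward chain: traffic routed between the three networks ---
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether3 action=accept comment="LAN may open connections to DMZ and upstream"
# Only connections that matched the dstnat rule for the web server may enter the DMZ from ether1.
add chain=forward in-interface=ether1 out-interface=ether2 connection-nat-state=dstnat protocol=tcp dst-address=192.168.2.2 dst-port=80 action=accept comment="published web server"
add chain=forward in-interface=ether2 out-interface=ether1 action=accept comment="DMZ outbound; tighten to the ports the servers need"
# Default deny: new connections from the DMZ or from upstream towards the LAN never match an accept rule.
add chain=forward action=drop comment="default deny"
```

Enter these from a session on ether3 or with Safe Mode enabled, since the last input rule drops management connections arriving on any other interface.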