Question Setting DMZ between Private LAN in Mikrotik router

[derek wildstar]

This is my situation:
ISP Router (Public Ip) -> My Mikrotik (wan IP 192.168.1.5 - gateway 192.168.1.1 ISP router LAN IP) ->Pfsense (WAN IP 192.168.3.80)
My Mikrotik's WAN IP is already set in DMZ in the ISP router setting, and I need now to set, in my Mikrotik router, the pfSense's WAN IP (192.168.3.80) in DMZ too. I know that it is kind of triple NAT, but I don't mind since I'm just practising with it now.
Anyway, I didn't understand how to set my pfsense WAN IP (turned as static IP in Mikrotik) in my hAp ac2 mikrotik router.
By the way, my pfsense is connected to my mikrotik to a ethernet interfaces. Four ethernet lan interfaces are set as one bridge.

I had no problem with my old dd-wrt router to put my pfsense in DMZ since there was a simple DMZ tab where I set my pfsense WAN ip and saved, but RouterOS seems to be much more completed when it comes to doing even simple stuff and get the job done

I perfectly know that It would be better to directly connect my pfsense to the ISP router (which has the DMZ option as well), but I can't do it for more than one reason. For the time being, my Mikrotik router is connected to the ISP router, and I often put it in DMZ (The ISP router doesn't allow me to put it in bridge) if I want to avoid any port forwarding problem when I do some test with a few services.

So, since pfsense is a firewall by itself already , I don't want my Mikrotik firewall affect the PFsense's input and output traffic in any way.
I even don't know if a DMZ setting towards my pfsense is the proper way to get my goal.

Could you help me figure it out please?

 

[kanewolf]

Did you read this -- https://mikrotik.com/testdocs/ros/2.8/appex/dmz.php

 

[derek wildstar]

Did you read this -- https://mikrotik.com/testdocs/ros/2.8/appex/dmz.php

I read it, but I am not sure what to do exactly. I don't want to mess something up.
I am new to RouterOS and Mikrotik.
Thank you

 

[kanewolf]

I read it, but I am not sure what to do exactly. I don't want to mess something up.
I am new to RouterOS and Mikrotik.
Thank you

Router OS is not simple. I had a MikroTik HEX because of the price/performance. I gave it up in favor of Ubiquiti.

 

[SamirD]

Router OS is not simple. I had a MikroTik HEX because of the price/performance. I gave it up in favor of Ubiquiti.

Yeah, I've been messing with routers for better part of 10 years and this is Cisco IOS and static routes level configuration.

I read it 3 times and barely have half an understanding of what's going on.

 

[nigelivey]

Why do you even have the MikroTik device in this setup?

 

[derek wildstar]

Why do you even have the MikroTik device in this setup?

What do you mean exactly?

 

[nigelivey]

What do you mean exactly?

Exactly that. What does the MikroTik do for you in this setup that the ISP Modem and your Pfsense can't on their own? I dont understand the point of the Mikrotik in the middle?

 

[derek wildstar]

Exactly that. What does the MikroTik do for you in this setup that the ISP Modem and your Pfsense can't on their own? I dont understand the point of the Mikrotik in the middle?

The ISP modem is not mine. I can ask the owner to set my Mikrotik IP in DMZ.
I set my Mikrotik device in the middle in order to manage my private LAN with a different network address.
As for my PFsense firewall, I am just learning how it works and doing some stuff with it. It is turned off most time.
Someday, when I'll have my own home, I am going to put a pfsense firewall behind an ISP router. My Mikrotik router would be used probably only to create and manage VLANs; meanwhile I am just practicing with the two devices, learning as much as I can.
It must be clear by now why I'd like to know how to set my pfsense firewall's IP(WAN) address in DMZ or whatever it is called in RouterOS.

 

[nigelivey]

The ISP modem is not mine. I can ask the owner to set my Mikrotik IP in DMZ.
I set my Mikrotik device in the middle in order to manage my private LAN with a different network address.
As for my PFsense firewall, I am just learning how it works and doing some stuff with it. It is turned off most time.
Someday, when I'll have my own home, I am going to put a pfsense firewall behind an ISP router. My Mikrotik router would be used probably only to create and manage VLANs; meanwhile I am just practicing with the two devices, learning as much as I can.
It must be clear by now why I'd like to know how to set my pfsense firewall's IP(WAN) address in DMZ or whatever it is called in RouterOS.

Everything you require can easily be achieved without the MikrotiK and by the sounds of it a fair bit easier than trying to put the Mikrotik in the middle. Everything you describe is what the Pfsense box is designed for, network segregation, Vlan management etc etc it isnt just a firewall but a fully managed L3 device. Router OS is junk by comparison.

 

[derek wildstar]

Everything you require can easily be achieved without the MikrotiK and by the sounds of it a fair bit easier than trying to put the Mikrotik in the middle. Everything you describe is what the Pfsense box is designed for, network segregation, Vlan management etc etc it isnt just a firewall but a fully managed L3 device. Router OS is junk by comparison.

I thought that my point was clear .I don't need any pfsense or mikrotik devices in my LAN. My previous DD-wrt router already did more than I actually needed already. I am practicing to delve deeper into the network stuff.
Could we please get back to the main point of my thread now?
Thank you

 

[nigelivey]

I thought that my point was clear .I don't need any pfsense or mikrotik devices in my LAN. My previous DD-wrt router already did more than I actually needed already. I am practicing to delve deeper into the network stuff.
Could we please get back to the main point of my thread now?
Thank you

Gosh, ok. Your point is there is no point it's just messing about with stuff? I hope you find the answer!! Should you require any help with elegance of PfSense drop me a message I regularly use it in extremely large production environments.

 

[derek wildstar]

Gosh, ok. Your point is there is no point it's just messing about with stuff? I hope you find the answer!! Should you require any help with elegance of PfSense drop me a message I regularly use it in extremely large production environments.

Yes, exactly. I know that what I am going to do is not the best solution for my actual needs. I'm kind of messing about with network stuff.
Oh, you are a pfsense expert. Very good I'll keep that in mind. My final goal would be just using pfsense with VLANs for my home LAN.
Thank you

 

[nigelivey]

Yes, exactly. I know that what I am going to do is not the best solution for my actual needs. I'm kind of messing about with network stuff.
Oh, you are a pfsense expert. Very good I'll keep that in mind. My final goal would be just using pfsense with VLANs for my home LAN.
Thank you

You are welcome.

 

[sttonydamunsta]

Gosh, ok. Your point is there is no point it's just messing about with stuff? I hope you find the answer!! Should you require any help with elegance of PfSense drop me a message I regularly use it in extremely large production environments.

Question it seems you know allot about this and im new to Mikrotik, im just trying to dmz my mikrotik modem any idea on how to do so ?

 

[USAFRet]

Question it seems you know allot about this and im new to Mikrotik, im just trying to dmz my mikrotik modem any idea on how to do so ?

Please start a NEW thread for your particular situation.
This one is almost 2 years old.

Some good people will almost certainly see it and reply.