By default, the RouterOS admin user has a blank password. The first thing you should do is set one: from the GUI menu, select System | Users, select the default admin user, and change its password.
Next, it is recommended to restrict access to the RouterOS management interface using firewall rules. Switch to IP | Firewall from the menu and define the following firewall rules:
| ID | Chain | Source address | Action | Notes |
|----|-------|----------------|--------|-------|
| 0 | Input | Z.Z.Z.Z | Permit | Your home IP address, so you can connect to the virtual router |
| 1 | Input | 172.16.1.0/24 | Permit | Allows connectivity from the management network |
| 2 | Input | 10.0.0.0/8 | Permit | Allows connectivity from the production network |
| 3 | Input | | Permit | Check only the related and established options in the connection state |
| 4 | Input | | Drop | Drop anything that is not permitted |
These rules are shown in the following screenshot:
Next, we need to configure NAT so that our virtual machines will be able to connect to the internet and so that we can connect to our management station. Two rules should be defined in the NAT tab:
| ID | Chain | Action type | Notes |
|----|-------|-------------|-------|
| 0 | srcnat | masquerade | |
| 1 | dstnat | dst-nat | Fill in the destination address (the public IP of the virtual router) and port 3389. In Action, select dst-nat. The To Address value will be 172.16.1.250 and the To Port value should be 3389. |
The following screenshot contains the NAT rules:
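
The password change and the two tables above can also be entered from the RouterOS terminal. The script below is an added example, not part of the original text. It assumes that "Permit" in the tables corresponds to the RouterOS `accept` action, that port 3389 means TCP, and it uses Z.Z.Z.Z (home IP), Y.Y.Y.Y (public IP of the virtual router) and the password string as placeholders to replace.

```routeros
# Added example: terminal equivalent of the GUI steps described above.
# Z.Z.Z.Z, Y.Y.Y.Y and the password are placeholders, not real values.

# Replace the blank default password of the admin user.
/user set [find name=admin] password="REPLACE-WITH-A-STRONG-PASSWORD"

# Input chain: rules are evaluated top to bottom, so the accept rules
# must be added before the final drop rule.
/ip firewall filter
add chain=input src-address=Z.Z.Z.Z action=accept \
    comment="0: home IP, access to the virtual router"
add chain=input src-address=172.16.1.0/24 action=accept \
    comment="1: management network"
add chain=input src-address=10.0.0.0/8 action=accept \
    comment="2: production network"
add chain=input connection-state=established,related action=accept \
    comment="3: replies to connections already allowed"
add chain=input action=drop \
    comment="4: drop anything that is not permitted"

# NAT: outbound masquerade for the virtual machines, and inbound
# forwarding of port 3389 to the management station.
/ip firewall nat
add chain=srcnat action=masquerade \
    comment="0: internet access for the virtual machines"
# protocol=tcp is an assumption; RouterOS requires a protocol whenever
# dst-port is set.
add chain=dstnat dst-address=Y.Y.Y.Y protocol=tcp dst-port=3389 \
    action=dst-nat to-addresses=172.16.1.250 to-ports=3389 \
    comment="1: 3389 to the management station"

# Forwarded (dst-nat) traffic is filtered by the forward chain, not the
# input chain, so rules 0-4 above do not limit who can reach port 3389.
# Optional restriction that is not in the table: add src-address=Z.Z.Z.Z
# to the dstnat rule so that only the home IP is forwarded.

# Review the result, including rule order.
/ip firewall filter print
/ip firewall nat print
```

If you apply the filter rules over a remote session, make sure rule 0 carries your real source address before the drop rule is added, otherwise the session is cut off.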