diff --git a/IT/Deploying Hydra.md b/IT/Deployment docs/Deploying Hydra.md
similarity index 100%
rename from IT/Deploying Hydra.md
rename to IT/Deployment docs/Deploying Hydra.md
diff --git a/IT/Deploying PiVPN to a debian instance.md b/IT/Deployment docs/Deploying PiVPN to a debian instance.md
similarity index 100%
rename from IT/Deploying PiVPN to a debian instance.md
rename to IT/Deployment docs/Deploying PiVPN to a debian instance.md
diff --git a/IT/Deploying Syncthing.md b/IT/Deployment docs/Deploying Syncthing.md
similarity index 100%
rename from IT/Deploying Syncthing.md
rename to IT/Deployment docs/Deploying Syncthing.md
diff --git a/IT/Deploying pihole-docker to a brand new Debian instance.md b/IT/Deployment docs/Deploying pihole-docker to a brand new Debian instance.md
similarity index 100%
rename from IT/Deploying pihole-docker to a brand new Debian instance.md
rename to IT/Deployment docs/Deploying pihole-docker to a brand new Debian instance.md
diff --git a/IT/RouterOS port forwarding.md b/IT/RouterOS port forwarding.md
new file mode 100644
index 0000000..5eea73b
--- /dev/null
+++ b/IT/RouterOS port forwarding.md	
@@ -0,0 +1,20 @@
+To port forward with RouterOS, you need allow the port through the firewall, *and* actually forward traffic
+# Allow through the firewall
+1. Navigate to IP > Firewall from the sidebar, then go to the Filter Rules tab from the top
+2. Select `Add New` to create a new rule
+3. Set `Dst. Address` to the internal IP you want to allow traffic to
+4. Set `Protocol` to `6 (tcp)`
+5. Set `Dst. Port` to the port you want to allow traffic through
+6. Set `In. Interface List` to `all` (I'm sure this isn't the most correct option), but it works
+7. Set `Action` to `accept`
+8. (Optionally) add a comment explaining what you're doing
+# Forward traffic
+1. Navigate to IP > Firewall  from the sidebar, then go to the NAT tab from the top
+2. Select `Add New` to create a new rule
+3. Set `Chain` to `dstnat`, set `Protocol` to `6 (tcp)`
+4. Set `Dst. Port` to the port you want to forward
+5. Set `In. Interface List` to `WAN`
+6. Set `Action` to `dst-nat`
+7. Set `To Addresses` to the internal IP you want the traffic to go to
+8. (Optionally) add a comment explaining what you're doing
+
diff --git a/IT/Making nginx forward VPN and https traffic on tcp 443.md b/IT/Troubleshooting/Making nginx forward VPN and https traffic on tcp 443.md
similarity index 97%
rename from IT/Making nginx forward VPN and https traffic on tcp 443.md
rename to IT/Troubleshooting/Making nginx forward VPN and https traffic on tcp 443.md
index 9d7dd7d..abf88d9 100644
--- a/IT/Making nginx forward VPN and https traffic on tcp 443.md	
+++ b/IT/Troubleshooting/Making nginx forward VPN and https traffic on tcp 443.md	
@@ -53,4 +53,7 @@ arc@apollo-vm:/etc/nginx$ sudo ip addr show enX0
 
 The server now starts without issue.
 
-After going through that headache, I now believe that we're back to square 1, and we have 2 IPs that both need to listen externally on 443. 
\ No newline at end of file
+After going through that headache, I now believe that we're back to square 1, and we have 2 IPs that both need to listen externally on 443. 
+
+# Outcome
+I ended up spinning up a new openvpn server on TCP/3389 for RDP
\ No newline at end of file
diff --git a/IT/sudo unable to resolve host after hostname change.md b/IT/Troubleshooting/sudo unable to resolve host after hostname change.md
similarity index 100%
rename from IT/sudo unable to resolve host after hostname change.md
rename to IT/Troubleshooting/sudo unable to resolve host after hostname change.md