How to link Public addresses to Local ones

From MikroTik Wiki
Revision as of 07:32, 31 May 2006 by Rieks (talk | contribs)

Using Network Address Translation (NAT), private IP addresses on the LAN are replaced by public IP addresses. This lets computers on the LAN share public IP addresses.


Let us assume two addresses (10.0.0.216 and 10.0.0.217) are assigned to the router. In this example we will 'full NAT' the internal address 192.168.0.4 to the external address 10.0.0.216, while keeping 10.0.0.217 for the router itself and for masquerading the internal network. To set up the router, follow the steps listed below.

1. Add 10.0.0.216/24 and 10.0.0.217/24 addresses to the router's Public interface and 192.168.0.254/24 to the router's Local interface:

[admin@MikroTik] ip address> add address=10.0.0.216/24 interface=Public
[admin@MikroTik] ip address> add address=10.0.0.217/24 interface=Public
[admin@MikroTik] ip address> add address=192.168.0.254/24 interface=Local

2. Add the default route to the router. Because the router has two public addresses, specify the address it will use as its source when talking to outside networks:

[admin@MikroTik] ip route> add gateway=10.0.0.1 prefsrc=10.0.0.217

3. Add a DST-NAT rule allowing access to the internal server from external networks:

[admin@MikroTik] ip firewall nat> add action=dst-nat chain=dstnat \
     dst-address=10.0.0.216/32 to-addresses=192.168.0.4

4. Add SRC-NAT rules that allow the internal server to talk to outside networks with its source address translated to 10.0.0.216, while translating other internal hosts' source addresses to 10.0.0.217:

[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat \
     src-address=192.168.0.4/32 to-addresses=10.0.0.216
[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat \
     src-address=192.168.0.0/24 to-addresses=10.0.0.217
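
Added example (not part of the original wiki page): a small Python model of the three NAT rules from steps 3 and 4, assuming the rules in a chain are evaluated top to bottom and the first match applies. It checks that 192.168.0.4 leaves as 10.0.0.216 and flags the mistake of placing the /24 rule ahead of the /32 rule. The names `NatRule`, `translate`, `shadowed_rules` and `asymmetric_hosts` are illustrative, and the model matches on addresses only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    chain: str       # "dstnat" or "srcnat"
    match: str       # dst-address (dstnat) or src-address (srcnat)
    to_address: str  # to-addresses value

# The three NAT rules from steps 3 and 4, in the order the page adds them.
PAGE_RULES = [
    NatRule("dstnat", "10.0.0.216/32", "192.168.0.4"),
    NatRule("srcnat", "192.168.0.4/32", "10.0.0.216"),
    NatRule("srcnat", "192.168.0.0/24", "10.0.0.217"),
]

def translate(rules, chain, address):
    """Apply the first matching rule of the chain; no match leaves the address unchanged."""
    ip = ipaddress.ip_address(address)
    for rule in rules:
        if rule.chain == chain and ip in ipaddress.ip_network(rule.match):
            return rule.to_address
    return address

def shadowed_rules(rules):
    """Rules that can never match because an earlier rule in the same chain covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.match)
        if any(e.chain == rule.chain and net.subnet_of(ipaddress.ip_network(e.match))
               for e in rules[:i]):
            hidden.append(rule)
    return hidden

def asymmetric_hosts(rules):
    """(host, inbound public address, outbound public address) where the two differ."""
    bad = []
    for rule in rules:
        if rule.chain != "dstnat":
            continue
        public = str(ipaddress.ip_network(rule.match).network_address)
        outbound = translate(rules, "srcnat", rule.to_address)
        if outbound != public:
            bad.append((rule.to_address, public, outbound))
    return bad

if __name__ == "__main__":
    swapped = [PAGE_RULES[0], PAGE_RULES[2], PAGE_RULES[1]]  # /24 rule first
    print("page order:", shadowed_rules(PAGE_RULES), asymmetric_hosts(PAGE_RULES))
    print("swapped:   ", shadowed_rules(swapped), asymmetric_hosts(swapped))
```

The dst-nat rule in step 3 matches on destination address only, so every port on 192.168.0.4 is reachable through 10.0.0.216; any port restriction for that host has to come from firewall filter rules.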