Difference between revisions of "NAT Tutorial"
From MikroTik Wiki
(New page: ==MIKROTIK NAT== '''This is a short howto explaining how to set up a full-NAT on a Mikrotik RouterOS. ''' This setup lets you hide your private ip from the public network. This means th...) |
m (Add link to connection tracking) |
||
(5 intermediate revisions by 4 users not shown) | |||
Line 3: | Line 3: | ||
'''This is a short howto explaining how to set up a full-NAT on a Mikrotik RouterOS. ''' | '''This is a short howto explaining how to set up a full-NAT on a Mikrotik RouterOS. ''' | ||
− | This setup | + | This setup allows you to hide (masquerade) your private IP address from a public network. This means, for example, that in your private network you can have whatever private IP you want which is then in turn translated to the public network IP given to you by your network provider. |
− | This tutorial can be used by clients who want to connect to a network without | + | This tutorial can thus be used by clients who want to connect to a network without requiring a change to the internal IP addressing of their LAN. |
==Example== | ==Example== | ||
− | + | In the following example we have a wireless interface which connects to a public wireless network and an Ethernet interface for the local private network. | |
− | Suppose | + | Suppose we have 192.168.1.2/24 (Internal Private Network) |
− | Your RouterBoard's Ethernet | + | Your RouterBoard's Ethernet interface is 192.168.1.1/24 (fixed Private Network IP) |
− | Your RouterBoard's Wireless card is 10.140.1.30/26 (Public) | + | Your RouterBoard's Wireless card is 10.140.1.30/26 (Public Network) |
− | The Access Point | + | The Access Point you connect to is 10.140.1.1/26 (Public Network gateway) |
[[Image:Nat with 1 pc.jpg]] | [[Image:Nat with 1 pc.jpg]] | ||
− | + | * First set the two IP addresses of the ethernet and wireless interfaces | |
+ | |||
[[Image:Mikrotik nat howto01.jpg]] | [[Image:Mikrotik nat howto01.jpg]] | ||
+ | |||
[[Image:Mikrotik nat howto02.jpg]] | [[Image:Mikrotik nat howto02.jpg]] | ||
− | + | ||
+ | * Second set the static route so that we can access the external Public network | ||
+ | ----most likely you will want to use 0.0.0.0/0 as the destination in your primary public route---- | ||
+ | |||
[[Image:Mikrotik nat howto03.jpg]] | [[Image:Mikrotik nat howto03.jpg]] | ||
+ | |||
[[Image:Mikrotik nat howto04.jpg]] | [[Image:Mikrotik nat howto04.jpg]] | ||
− | We start building the NAT as | + | |
+ | * We start building the NAT as follows | ||
+ | |||
[[Image:Mikrotik nat howto05.jpg]] | [[Image:Mikrotik nat howto05.jpg]] | ||
+ | |||
[[Image:Mikrotik nat howto06.jpg]] | [[Image:Mikrotik nat howto06.jpg]] | ||
− | DST-NAT | + | |
+ | * First the Destination Network Address Translation setting (DST-NAT) | ||
+ | ----Only do this if you want to expose this specifice internal pc to all ports, this is the same as a DMZ----- | ||
+ | |||
[[Image:Mikrotik nat howto07.jpg]] | [[Image:Mikrotik nat howto07.jpg]] | ||
+ | |||
[[Image:Mikrotik nat howto08.jpg]] | [[Image:Mikrotik nat howto08.jpg]] | ||
− | SRC-NAT | + | |
+ | * Then the Source Network Address Translation setting (SRC-NAT) | ||
+ | ---On the Action Screen you could instead choose masquerade--- | ||
[[Image:Mikrotik nat howto09.jpg]] | [[Image:Mikrotik nat howto09.jpg]] | ||
+ | |||
[[Image:Mikrotik nat howto10.jpg]] | [[Image:Mikrotik nat howto10.jpg]] | ||
− | NAT | + | |
+ | * Private to Public Network Address Translation (NAT) is Complete! | ||
+ | |||
[[Image:Mikrotik nat howto11.jpg]] | [[Image:Mikrotik nat howto11.jpg]] | ||
+ | |||
+ | * Note: Network Address Translation (NAT) requires that [[Manual:Connection_tracking|connection tracking]] be enabled. |
Latest revision as of 18:29, 14 November 2010
MIKROTIK NAT
This is a short howto explaining how to set up a full-NAT on a Mikrotik RouterOS.
This setup allows you to hide (masquerade) your private IP address from a public network. This means, for example, that in your private network you can have whatever private IP you want which is then in turn translated to the public network IP given to you by your network provider. This tutorial can thus be used by clients who want to connect to a network without requiring a change to the internal IP addressing of their LAN.
Example
In the following example we have a wireless interface which connects to a public wireless network and an Ethernet interface for the local private network.
Suppose we have 192.168.1.2/24 (Internal Private Network) Your RouterBoard's Ethernet interface is 192.168.1.1/24 (fixed Private Network IP) Your RouterBoard's Wireless card is 10.140.1.30/26 (Public Network) The Access Point you connect to is 10.140.1.1/26 (Public Network gateway)
- First set the two IP addresses of the ethernet and wireless interfaces
- Second set the static route so that we can access the external Public network
most likely you will want to use 0.0.0.0/0 as the destination in your primary public route----
- We start building the NAT as follows
- First the Destination Network Address Translation setting (DST-NAT)
Only do this if you want to expose this specifice internal pc to all ports, this is the same as a DMZ-----
- Then the Source Network Address Translation setting (SRC-NAT)
---On the Action Screen you could instead choose masquerade---
- Private to Public Network Address Translation (NAT) is Complete!
- Note: Network Address Translation (NAT) requires that connection tracking be enabled.