Difference between revisions of "NAT Tutorial"

From MikroTik Wiki
Jump to: navigation, search
m (add note about connection tracking)
Line 57: Line 57:
[[Image:Mikrotik nat howto11.jpg]]
[[Image:Mikrotik nat howto11.jpg]]
* Note: Network Address Translation (NAT) requires that connection tracking be enabled.

Revision as of 18:22, 14 November 2010


This is a short howto explaining how to set up a full-NAT on a Mikrotik RouterOS.

This setup allows you to hide (masquerade) your private IP address from a public network. This means, for example, that in your private network you can have whatever private IP you want which is then in turn translated to the public network IP given to you by your network provider. This tutorial can thus be used by clients who want to connect to a network without requiring a change to the internal IP addressing of their LAN.


In the following example we have a wireless interface which connects to a public wireless network and an Ethernet interface for the local private network.

Suppose we have (Internal Private Network) 
Your RouterBoard's Ethernet interface is (fixed Private Network IP) 
Your RouterBoard's Wireless card is (Public Network) 
The Access Point you connect to is (Public Network gateway) 

Nat with 1 pc.jpg

  • First set the two IP addresses of the ethernet and wireless interfaces

Mikrotik nat howto01.jpg

Mikrotik nat howto02.jpg

  • Second set the static route so that we can access the external Public network

most likely you will want to use as the destination in your primary public route----

Mikrotik nat howto03.jpg

Mikrotik nat howto04.jpg

  • We start building the NAT as follows

Mikrotik nat howto05.jpg

Mikrotik nat howto06.jpg

  • First the Destination Network Address Translation setting (DST-NAT)

Only do this if you want to expose this specifice internal pc to all ports, this is the same as a DMZ-----

Mikrotik nat howto07.jpg

Mikrotik nat howto08.jpg

  • Then the Source Network Address Translation setting (SRC-NAT)

---On the Action Screen you could instead choose masquerade--- Mikrotik nat howto09.jpg

Mikrotik nat howto10.jpg

  • Private to Public Network Address Translation (NAT) is Complete!

Mikrotik nat howto11.jpg

  • Note: Network Address Translation (NAT) requires that connection tracking be enabled.