convert cisco vlan interface to Mikrotik OS (NAT)

rb384997 · Sun Sep 19, 2010 7:02 pm

Ok so I have a vlan 10 interface and im not sure how to set it up the nat portion in the mikrotik.
Can any one help?

interface FastEthernet0/0.10
description VLAN 10 and old VL20
encapsulation dot1Q 10
ip address xxx.xxx.181.1 255.255.255.0 secondary
ip address xxx.xxx.52.1 255.255.252.0 secondary
ip address xxx.xxx.0.1 255.255.0.0 secondary
ip address xxx.xxx.17.65 255.255.255.192
ip access-group 197 in
ip helper-address 70.60.17.20
ip nat inside
no cdp enable

access-list 197 permit tcp any any established
access-list 197 permit tcp xxx.24.0.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.24.0.0 0.0.3.255 any eq smtp
access-list 197 permit tcp xxx.20.0.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.20.0.0 0.0.3.255 any eq smtp
access-list 197 permit tcp xxx.1.16.0 0.0.3.255 host xxx.60.17.11 eq smtp
access-list 197 deny tcp xxx.1.16.0 0.0.3.255 any eq smtp
access-list 197 deny tcp any any eq 445
access-list 197 deny udp any any eq 6346
access-list 197 deny tcp any any eq 139
access-list 197 deny udp any any eq 41170
access-list 197 deny tcp any any eq 6346
access-list 197 deny udp any any eq 6348
access-list 197 deny tcp any any eq 135
access-list 197 deny tcp any any eq 6348
access-list 197 permit ip any any

fewi · Sun Sep 19, 2010 8:18 pm

You're showing an interface and an access list, and no NAT command (other than designating the interface as a NAT inside interface).

Does your below thread, which I responded to, have anything to do with this question?
http://forum.mikrotik.com/viewtopic.php?f=2&t=45121

rb384997 · Sun Sep 19, 2010 11:12 pm

btw, thanks, for the help, just stumbling a bit.

yes it does apply to the other post, I have main interface(ether 1) and 4 of my vlans set up on the Mikrotik,
(I'm assuming vlan1-cisco is same as standard ether1 on MT-rtr)

In the cisco it does specify Outside Nat on main interface (vlan1), all other vlans are inside nat,
but there are no nat commands other than the nat pools in the other thread,

So I guess everything is just routed other than the (ip nat inside source list of each pool)?

fewi · Sun Sep 19, 2010 11:20 pm

The reply in the other thread shows a full RouterOS NAT configuration.

rb384997 · Mon Sep 20, 2010 3:21 am

ok one last cfg, cisco nat cmd to mikrotik nat

ip nat inside source static xxx.20.0.77 xxx.60.17.180

fewi · Mon Sep 20, 2010 4:23 am

/ip firewall nat
add chain=srcnat out-interface=WAN src-address=xxx.20.0.77 action=src-nat to-address=xxx.60.17.80

You're getting pretty basic here, really. All of this is covered by the manual: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

rb384997 · Wed Sep 22, 2010 5:10 am

ip nat inside source static xxx.20.0.77 xxx.60.17.180

This command is more of an ip mapping.

I needed to be able to log in in to the private assigned device using the public address(from external my network)
This is the actual cisco to mikrotik conversion that worked worked.

/ip firewall nat add chain=dstnat dst-address=x.60.17.180 \
action=netmap to-addresses=x.20.0.77

/ip firewall nat add chain=srcnat src-address=x.20.0.77 \
action=netmap to-addresses=x.60.17.180

Thanks, I read through the wiki

convert cisco vlan interface to Mikrotik OS (NAT)

convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Re: convert cisco vlan interface to Mikrotik OS (NAT)

Who is online