Do your public IPs all have internet access? What configuration do you have on your ip/route?
/ip firewall nat add chain=srcnat dst-address-type=local action=src-nat to-addresses=1.1.1.1
No need for destination NAT - after all, traffic is to the router itself.
/ip firewall nat add chain=srcnat dst-address-type=local action=src-nat to-addresses=1.1.1.1
No. You have it completely backwards.
You use whichever IP address isn't destination NATed to an inside host. The router can listen on ALL IP addresses configured on its interfaces, but will sometimes - when you configure destination NAT - send that traffic to somewhere else rather than listen to it. So your problem isn't what destination NAT rule to apply, but your problem is NOT to apply destination NAT at all for traffic that is destined to the router directly. It's already going to the router because the destination IP address is one configured on a router interface, after all.
/ip address print detail
1 address=172.16.0.1/24 network=172.16.0.0 interface=ether9 actual-interface=ether9
2 address=172.16.0.5/24 network=172.16.0.0 interface=ether9 actual-interface=ether9
3 address=172.16.0.10/24 network=172.16.0.0 interface=ether9 actual-interface=ether9
4 address=172.16.0.15/24 network=172.16.0.0 interface=ether9 actual-interface=ether9
/ip route print detail
0 S dst-address=0.0.0.0/0 gateway=172.16.0.254 gateway-status=172.16.0.254 unreachable distance=1 scope=30 target-scope=10
1 ADC dst-address=172.16.0.0/24 pref-src=172.16.0.1 gateway=ether9 gateway-status=ether9 unreachable distance=0 scope=200
3 ADC dst-address=192.168.0.0/16 pref-src=192.168.255.254 gateway=ether8 gateway-status=ether8 unreachable distance=0 scope=200
/interface print detail
0 R name="ether10" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=9116
1 name="ether9" type="ether" mtu=1500 l2mtu=1500 max-l2mtu=9116
2 name="ether7" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4080
3 name="ether8" type="ether" mtu=1500 l2mtu=1500 max-l2mtu=4080
4 name="ether6" type="ether" mtu=1500 l2mtu=1600 max-l2mtu=4080
5 name="ether5" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4078
6 name="ether4" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4078
7 name="ether3" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4078
8 name="ether2" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4078
9 name="ether1" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4078
/ip firewall nat export
add action=src-nat chain=srcnat comment="192.168.0.1 (SOURCE NATTING)" disabled=no src-address=192.168.0.1 to-addresses=172.16.0.5
add action=dst-nat chain=dstnat comment="192.168.0.1 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.5 to-addresses=192.168.0.1
add action=src-nat chain=srcnat comment="192.168.0.2 (SOURCE NATTING)" disabled=no src-address=192.168.0.2 to-addresses=172.16.0.10
add action=dst-nat chain=dstnat comment="192.168.0.2 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.10 to-addresses=192.168.0.2
add action=src-nat chain=srcnat comment="192.168.0.3 (SOURCE NATTING)" disabled=no src-address=192.168.0.3 to-addresses=172.16.0.15
add action=dst-nat chain=dstnat comment="192.168.0.3 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.15 to-addresses=192.168.0.3
add action=netmap chain=srcnat comment="ROUTER OS (SOURCE NAT)" disabled=no to-addresses=172.16.0.1
The above was taken from the wiki - http://wiki.mikrotik.com/wiki/Manual:IP ... nation_NAT
Destination NAT
If you want to link Public IP 10.5.8.200 address to Local one 192.168.0.109, you should use the destination address translation feature of the MikroTik router. Also, if you want to allow the Local server to talk with the outside using the given Public IP, you should use source address translation, too.
Add Public IP to Public interface:
/ip address add address=10.5.8.200/32 interface=Public
Add rule allowing access to the internal server from external networks:
/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \
to-addresses=192.168.0.109
Add rule allowing the internal server to talk to the outer networks having its source address translated to 10.5.8.200:
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \
to-addresses=10.5.8.200
As for the discrepancy listed in your previous post with the MAC/IP in winbox... I believe you said you enabled proxy-arp in one of your other posts... Proxy-ARP is not necessary.
Do another /system reset-configuration
Configure the LAN, add your WAN IP and set up your NAT.
All you need to modify is the
/ip address (add LAN and WAN IP addresses)
/ip firewall nat (add one to one nat under src-nat/dst-nat)
/ip route (for your default gateway)
Don't overcomplicate things. Get the bare minimum set up and tested, then add whatever firewall rules, additional NAT, etc. you need after it's set up and working with the basics.
It sounds like 172.16.0.1 is your management IP address. Just assign this to the public interface; there are no NAT settings required to point this at the router.
/ip firewall nat add action=netmap chain=srcnat comment="ROUTER OS (SOURCE NAT)" disabled=no to-addresses=172.16.0.1
Hi
ip firewall nat add chain=srcnat src-address=192.168.0.1 action=src-nat to-addresses="IP PUBLIC 1"
ip firewall nat add chain=dstnat dst-address="IP PUBLIC 1" action=dst-nat to-addresses=192.168.0.1
This is your config
You should use this config and everything will be ok:
ip firewall nat add chain=srcnat src-address=192.168.0.1 action=src-nat to-addresses="IP PUBLIC 1"
ip firewall nat add chain=dstnat dst-address="IP PUBLIC 1" action=netmap to-addresses=192.168.0.1
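
Added example, not part of any post in this thread: a Python check of the point made earlier that the router itself answers only on addresses that no dst-nat rule forwards to an inside host. It reads the address list and NAT export posted above; the function names and the `MATCHERS` subset are assumptions of this example, and it also lists srcnat rules with no matcher, since those apply to every connection that reaches them.

```python
import ipaddress
import shlex

# Addresses and NAT rules copied from the export posted in this thread.
ROUTER_ADDRESSES = ["172.16.0.1", "172.16.0.5", "172.16.0.10", "172.16.0.15"]
NAT_EXPORT = '''\
add action=src-nat chain=srcnat comment="192.168.0.1 (SOURCE NATTING)" disabled=no src-address=192.168.0.1 to-addresses=172.16.0.5
add action=dst-nat chain=dstnat comment="192.168.0.1 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.5 to-addresses=192.168.0.1
add action=src-nat chain=srcnat comment="192.168.0.2 (SOURCE NATTING)" disabled=no src-address=192.168.0.2 to-addresses=172.16.0.10
add action=dst-nat chain=dstnat comment="192.168.0.2 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.10 to-addresses=192.168.0.2
add action=src-nat chain=srcnat comment="192.168.0.3 (SOURCE NATTING)" disabled=no src-address=192.168.0.3 to-addresses=172.16.0.15
add action=dst-nat chain=dstnat comment="192.168.0.3 (DESTINATION NATTING)" disabled=no dst-address=172.16.0.15 to-addresses=192.168.0.3
add action=netmap chain=srcnat comment="ROUTER OS (SOURCE NAT)" disabled=no to-addresses=172.16.0.1
'''
# Properties that narrow a rule; a subset chosen for this example, not the full RouterOS list.
MATCHERS = {"src-address", "dst-address", "in-interface", "out-interface",
            "src-address-list", "dst-address-list", "dst-address-type", "protocol"}


def parse_rules(export):
    """Turn enabled 'add key=value ...' lines into dicts; shlex keeps quoted comments whole."""
    rules = []
    for line in export.splitlines():
        if line.startswith("add "):
            rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            if rule.get("disabled", "no") == "no":
                rules.append(rule)
    return rules


def audit(addresses, export):
    """Return (forwarded, router_local, unscoped_srcnat) for the given config."""
    rules = parse_rules(export)
    # Assumption: dst-address is a single address or a CIDR prefix (no ranges, no "!").
    dstnat = [r for r in rules if r.get("chain") == "dstnat" and "dst-address" in r]
    forwarded = {}
    for addr in addresses:
        for r in dstnat:  # first matching rule wins, as in the NAT table itself
            if ipaddress.ip_address(addr) in ipaddress.ip_network(r["dst-address"], strict=False):
                forwarded[addr] = r["to-addresses"]
                break
    router_local = [a for a in addresses if a not in forwarded]
    unscoped = [r.get("comment", "") for r in rules
                if r.get("chain") == "srcnat" and MATCHERS.isdisjoint(r)]
    return forwarded, router_local, unscoped


if __name__ == "__main__":
    print(audit(ROUTER_ADDRESSES, NAT_EXPORT))
```

For the posted config this leaves 172.16.0.1 as the only address the router answers on, and flags the "ROUTER OS (SOURCE NAT)" rule as having no matcher.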