pascal
just joined
Topic Author
Posts: 8
Joined: Fri Aug 26, 2011 5:01 pm

PAT/NAT Overload RB1100

Fri Aug 26, 2011 5:15 pm

Hello,

I'm a newbie and I have some problems configuring an RB1100.

I have one public IP which must be shared with network 192.168.40.0.

In Firewall/NAT, which chain must I use, srcnat or dstnat? Which action: srcnat/dstnat/masquerade?

I have tried different solutions but I have the following problem: sometimes I can ping outside and sometimes not.

It seems that there is an instability.

The problem is not with my ISP: if I connect my laptop directly to the modem without the RB1100, there is no problem with the internet connection.

I think that the problem is the NAT not being correctly configured.

Any idea?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: PAT/NAT Overload RB1100

Fri Aug 26, 2011 6:03 pm

If you're trying to make an entire network appear as one address when devices on that network connect to the Internet, you need to use source NAT. After all, you're trying to translate the SOURCE address of the packet to a public IP address. Source NAT is of course configured in the srcnat chain.

The srcnat chain only has 'src-nat' and 'masquerade' as available options. They are both mostly the same thing, with one crucial difference: 'src-nat' also requires you to specify a 'to-address', which is the address that the source IP address of a packet will be changed to in its header. 'masquerade' automagically picks the preferred source address of the interface and you don't have to specify a 'to-address'. If you have a static public IP it's best practice to use 'src-nat' and manually set the 'to-address' to your static IP. If you have a dynamic public IP (you are running a DHCP client on your WAN interface) you have to pick 'masquerade'.
 
pascal
just joined
Topic Author
Posts: 8
Joined: Fri Aug 26, 2011 5:01 pm

Re: PAT/NAT Overload RB1100

Fri Aug 26, 2011 7:19 pm

Thank you, Fewi, for your answer.

If I understood everything, I can configure NAT like this:

Chain: srcnat
Out interface: "interface wan to ISP"

Action: src-nat
To Addresses: "public IP"
To port: 0-65535 (is it necessary?)

Right?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: PAT/NAT Overload RB1100

Fri Aug 26, 2011 7:55 pm

'to-port' is indeed unnecessary. Assuming the public IP is 1.1.1.1 and your WAN interface is called 'WAN', the CLI command would be:
/ip firewall nat
add chain=srcnat out-interface=WAN action=src-nat to-address=1.1.1.1
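
How a src-nat rule like the one above lets a whole network share one public address, as an added Python example that is not part of the original post and is not RouterOS code: a simplified model of source NAT with port overload. The /24 mask for 192.168.40.0, the class and function names, the 203.0.113.x remote addresses and the port-selection policy (keep the original source port when it is free) are assumptions.

```python
import ipaddress
from itertools import chain


class SourceNat:
    """Simplified model of src-nat with port overload on one public IP."""

    def __init__(self, public_ip, inside_net, ports=range(1024, 65536)):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.ports = ports
        self.out = {}   # inside flow -> public source port
        self.back = {}  # (proto, public port, remote ip, remote port) -> inside host

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving via the WAN interface."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError("source is outside the NATed network")
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out:
            # Assumed policy: keep the original port if free, else next free one.
            for port in chain([src_port], self.ports):
                if (proto, port, dst_ip, dst_port) not in self.back:
                    break
            else:
                raise RuntimeError("port range exhausted for this destination")
            self.out[flow] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.out[flow]

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Map a reply back to the inside host; None means no flow, so drop."""
        return self.back.get((proto, public_port, remote_ip, remote_port))


def demo():
    # Constructed sample traffic: two inside hosts use the same source port.
    nat = SourceNat("1.1.1.1", "192.168.40.0/24")  # /24 is an assumption
    a = nat.outbound("udp", "192.168.40.10", 5000, "203.0.113.5", 53)
    b = nat.outbound("udp", "192.168.40.11", 5000, "203.0.113.5", 53)
    reply_b = nat.inbound("udp", "203.0.113.5", 53, b[1])
    unsolicited = nat.inbound("tcp", "203.0.113.9", 40000, 22)
    return a, b, reply_b, unsolicited


if __name__ == "__main__":
    print(demo())
```

The second host's colliding source port is remapped so replies can be told apart, and an inbound packet that matches no tracked flow is not translated to any inside host.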
 
pascal
just joined
Topic Author
Posts: 8
Joined: Fri Aug 26, 2011 5:01 pm

Re: PAT/NAT Overload RB1100

Sat Aug 27, 2011 10:36 am

Thank you, Fewi, for your assistance. It's working fine now.

:D
