1:1 NAT and proxy-arp

I’ve set up a 1:1 NAT scheme using the information in the wiki: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping

It’s all working except that ARP isn’t working on the public side. If I temporarily add an IP address to the router for a translated address the router will respond to the arp request and it will work until the arp cache times out on the upstream device. Does anyone know how to get this working?

RouterOS is v4.17

Andrew

Please show your configuration for the firewall and arp print. What do you want to achieve with this?

/ip address
add address=10.1.0.1/16 broadcast=10.1.255.255 comment="" disabled=no \
    interface=ether5 network=10.1.0.0
add address=10.2.0.1/16 broadcast=10.2.255.255 comment="" disabled=no \
    interface=ether1 network=10.2.0.0
/ip firewall nat
add action=netmap chain=dstnat comment="" disabled=no dst-address=10.2.0.0/16 \
    to-addresses=10.1.0.0-10.1.255.255
add action=netmap chain=srcnat comment="" disabled=no src-address=10.1.0.0/16 \
    to-addresses=10.2.0.0-10.2.255.255
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    10.2.0.254 scope=30 target-scope=10

The upstream router at 10.2.0.254 will not obtain responses to arp requests for devices on the 10.1.0.0/16 network unless I alias the address onto the outside interface of the nat device e.g.

add address=10.2.0.150/16 broadcast=10.2.255.255 comment="" disabled=no \
    interface=ether1 network=10.2.0.0

will enable a device at 10.1.0.150 to communicate.

While this will work for a small number of devices, I’m hiding an entire /16 network behind the nat device and this will quickly get out of hand.

Andrew