Hello!
I'm trying out a temporary solution until my ISP gives me a normal Internet connection with a public IP.
My story is that our ISP isn't giving us a public IP as a normal ISP would, but instead they are giving us a /24 private IP network with NAT on their side to a public IP. So right now our GW is 192.168.0.254/24.
As I wanted to create other internal networks, I installed an RB450G and created my desired networks behind the MikroTik NAT (10.10.1.0/24 and 10.10.2.0/24) (my ISP is not willing to create static routes to my new internal networks).
My NAT configuration:
chain=srcnat out-interface=wan src-address=10.10.1.0/24 action=masquerade
chain=srcnat out-interface=wan src-address=10.10.2.0/24 action=masquerade
Connections to the Internet and to those hosts (including our internal DNS) that were left in the 192.168.0.0/24 network work fine, EXCEPT there are a lot of read/write errors and disconnections from Windows network shares.
For example, a PC from 10.10.1.0/24 tries to use some .doc file from "\\192.168.0.200\share" and after some time there is an error saying that it is not possible to write to this file. From the Windows Event Viewer:
"
{Delayed Write Failed} Windows was unable to save all the data for the file \\192.168.0.200\share\test.doc; the data has been lost. This error may be caused by network connectivity issues. Please try to save this file elsewhere.
"
There are also static routes on the hosts in 192.168.0.0/24 for the 10.10.1.0/24 and 10.10.2.0/24 networks, so that they can access workstations' network shares on the new networks:
for example:
192.168.0.200\..\User> route add 10.10.1.0 mask 255.255.255.0 192.168.0.1 metric 2
192.168.0.200\..\User> route add 10.10.2.0 mask 255.255.255.0 192.168.0.1 metric 2
Not all the time, but sometimes they get the same errors, and I think these errors occur because all the packets coming from the new networks are being NATed, but the server is not expecting packets from 192.168.0.1.
Here is a graph to understand it better:

WHAT I WANT TO ACHIEVE:
For connections from 10.10.1.0/24 and 10.10.2.0/24 to hosts on 192.168.0.0/24, I want to bypass the NAT, which is meant only for accessing the Internet.
AND MY QUESTION TO YOU GUYS IS:
If I add these NAT rules before masquerading the new networks, like this:
chain=srcnat out-interface=wan src-address=10.10.1.0/24 dst-address=192.168.0.200 action=accept
chain=srcnat out-interface=wan src-address=10.10.1.0/24 dst-address=192.168.0.210 action=accept
chain=srcnat out-interface=wan src-address=10.10.1.0/24 action=masquerade
chain=srcnat out-interface=wan src-address=10.10.2.0/24 dst-address=192.168.0.200 action=accept
chain=srcnat out-interface=wan src-address=10.10.2.0/24 dst-address=192.168.0.210 action=accept
chain=srcnat out-interface=wan src-address=10.10.2.0/24 action=masquerade
would I bypass the NAT, and would the MikroTik create connections from 10.10.1.0/24 and 10.10.2.0/24 to the addresses 192.168.0.200 and 192.168.0.210 without NAT?
If there are better or easier ideas on how to bypass the NAT rule for specific hosts, please share them with me.
Thank You!
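As an added example (editor's code, not part of the original post and not a reply from the thread), here is the RouterOS configuration that the rule ordering asked about relies on, together with the checks a practitioner would run after applying it. It assumes the WAN interface is named `wan`, as in the rules quoted in the post, and that 192.168.0.1 is the RB450G's WAN address (the next hop used in the Windows `route add` commands), which the post does not state explicitly. The `no-nat-dst` address-list name is also an assumption.

```routeros
# Added example, not from the original post. Assumes the WAN interface is
# named "wan" and that the RB450G's WAN address is 192.168.0.1 (the next hop
# in the Windows "route add" commands); the post states neither explicitly.

# Hosts that must see the real 10.10.x.y source address instead of the router's
# WAN address. An address list avoids one accept rule per host per subnet.
/ip firewall address-list
add list=no-nat-dst address=192.168.0.200 comment="file server"
add list=no-nat-dst address=192.168.0.210 comment="second share host"

/ip firewall nat
# In the srcnat chain, action=accept stops NAT rule processing for that packet,
# so connections to the listed hosts never reach the masquerade rules below.
# NAT is decided on the first packet of a connection, so rule order matters.
add chain=srcnat out-interface=wan src-address=10.10.1.0/24 \
    dst-address-list=no-nat-dst action=accept comment="no NAT to LAN shares"
add chain=srcnat out-interface=wan src-address=10.10.2.0/24 \
    dst-address-list=no-nat-dst action=accept comment="no NAT to LAN shares"
add chain=srcnat out-interface=wan src-address=10.10.1.0/24 action=masquerade
add chain=srcnat out-interface=wan src-address=10.10.2.0/24 action=masquerade

# Alternative with the same effect and fewer rules: masquerade only traffic
# that is NOT headed for the ISP-side /24. Use either this pair or the four
# rules above, not both.
# add chain=srcnat out-interface=wan src-address=10.10.1.0/24 \
#     dst-address=!192.168.0.0/24 action=masquerade
# add chain=srcnat out-interface=wan src-address=10.10.2.0/24 \
#     dst-address=!192.168.0.0/24 action=masquerade

# Checks. Connections already in the tracking table keep the NAT decision
# they were created with, so flush the ones to the share hosts once after
# changing the rules (dst-address in the connection table is "ip:port"):
/ip firewall connection remove [find dst-address~"192.168.0.200:"]
/ip firewall connection remove [find dst-address~"192.168.0.210:"]
# Then open a share from a 10.10.1.x PC and confirm that reply-dst-address is
# the PC's own 10.10.1.x address, not 192.168.0.1:
/ip firewall connection print detail where dst-address~"192.168.0.200:"
# Rule hit counters show which srcnat rule each new connection matched:
/ip firewall nat print stats
```

The accept-before-masquerade ordering works because RouterOS evaluates NAT rules top down and `action=accept` ends processing for that packet; the first packet's decision is then stored in the connection-tracking entry, which is why existing entries must be flushed before the change takes effect for already-open SMB sessions. The un-NATed traffic still needs the return routes for 10.10.1.0/24 and 10.10.2.0/24 on the 192.168.0.x hosts, as the post already configures; without them the share host would answer via the ISP gateway and the connection would fail.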