CGNAT with VLAN!!

Image

I have a topology like the above.

The idea is that traffic will come on VLAN 100 from 10.20.0.5 → 10.20.0.1 which is the address of the mikrotik acting as a gateway for this subnet → Mikrotik will nat this to 1.1.1.5 public ip → Traffic will pass from Mikrotik to 1.1.1.1 the gateway on the main router → Out of the main router to the internet (the routes to the internet exist on the main router already).
The VLAN 100 is used completely throughout the whole above workflow.

I am using the following URL to generate the NAT rules https://github.com/helysonoliveira/cgnat-mikrotik.

I have tried adding the address 10.20.0.1 to the Mikrotik
I have added the VLAN 100 to the Mikrotik
I have added a static route of 0.0.0.0 to ether2 which connects to the main router
I have added the rules generated with the github repo mentioned above

However, I am not successful in getting traffic routed from the client device to the main router and out on the public IP. Any help would be appreciated.
I am using CCR-1036.

If there is any other info I can give, let me know.

Hey,

Without a configuration export it is difficult to say what the problem is. An “export hide-sensitive” would be nice.

A good idea to start with would be to run a traceroute from the client to the main router or to an IP address on the internet. Or even try to ping the main router.
And for testing purposes I would just use a single src-nat rule for all IP addresses in VLAN 100, to better track down the problem.

for example:

/ip firewall nat add chain=srcnat out-interface=ether1-wan action=src-nat to-addresses=1.1.1.5

Also, there is an article on CGNAT in the MikroTik wiki.

A little hint. For the private network behind the CGNAT you can use the 100.64.0.0/10 subnet. So you don’t conflict with the normal private address space.

https://en.wikipedia.org/wiki/IPv4_shared_address_space
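
Added example, not part of the thread and not the output of the linked generator: once the single test rule works, per-client CGNAT rules give each private address a fixed port block on the public IP, which also lets you map a public IP and port back to the client without per-connection logs. The 100.64.0.0/29 subnet, the 1000-port block size starting at 1024, the use of ether2 as the outgoing interface and all function names are assumptions for illustration.

```python
import ipaddress

def port_blocks(private_net, public_ip, first_port=1024, ports_per_client=1000):
    """Give every host in private_net a fixed, non-overlapping port block on public_ip."""
    net = ipaddress.ip_network(private_net)
    # Refuse subnets that cannot fit behind a single public address.
    if net.num_addresses * ports_per_client > 65536 - first_port:
        raise ValueError("subnet too large for one public IP at this block size")
    mapping = {}
    for i, host in enumerate(net.hosts()):
        low = first_port + i * ports_per_client
        mapping[str(host)] = (public_ip, low, low + ports_per_client - 1)
    return mapping

def routeros_rules(mapping, out_interface):
    """Render the mapping as RouterOS src-nat rules: tcp, udp, then a port-less catch-all."""
    base = "/ip firewall nat add chain=srcnat out-interface={} src-address={} "
    rules = []
    for src, (pub, low, high) in mapping.items():
        prefix = base.format(out_interface, src)
        for proto in ("tcp", "udp"):
            rules.append(f"{prefix}protocol={proto} action=src-nat "
                         f"to-addresses={pub} to-ports={low}-{high}")
        # ICMP and other protocols carry no ports, so they get a plain src-nat rule.
        rules.append(f"{prefix}action=src-nat to-addresses={pub}")
    return rules

def who_used(mapping, public_ip, port):
    """Reverse lookup for abuse reports: which private address owns public_ip:port?"""
    for src, (pub, low, high) in mapping.items():
        if pub == public_ip and low <= port <= high:
            return src
    return None

if __name__ == "__main__":
    # Constructed sample: six clients in 100.64.0.0/29 behind public IP 1.1.1.5.
    blocks = port_blocks("100.64.0.0/29", "1.1.1.5")
    print("\n".join(routeros_rules(blocks, "ether2")))
    print(who_used(blocks, "1.1.1.5", 2024))
```

Keep the printed mapping alongside the router configuration: it is the only record tying a source port seen by a remote site back to one client.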