Guys, need some help pls.
I have an assignment: to show 3 types of NAT: Static (basic, 1:1) NAT, Dynamic NAT, NAT overloaded (NAPT or PAT).
I work in VirtualBox, have the following network:
Windows1, Windows2 ------Mikrotik1 (with NAT) -------Mikrotik2 --------------Windows3
The routing protocol I chose is RIP, and I put static IP addresses everywhere. Windows1, Windows2, Mikrotik1 - LAN.
There is also only one Public IP for Mikrotik1 with NAT. Winbox and Wireshark are installed.
What I need to get:
Static (basic, 1:1) NAT - Windows1 can work over NAT, Windows2 can not. (because only 1 Public IP is used for Windows1)
Dynamic NAT - Windows2 can work only when the 1st has finished a session. They can't both send traffic at the same time (because only 1 Public IP is used)
NAT overloaded (NAPT or PAT) - both Windows can work, because traffic flows from different ports.
What I have already done:
Tried to set static NAT:
ip firewall nat add chain="srcnat" action="src-nat" out-interface="ether2" src-address="192.168.0.2" to-addresses="10.10.9.2"
ip firewall nat add chain="dstnat" action="dst-nat" in-interface="ether2" dst-address="10.10.9.2" to-addresses="192.168.0.2"
After this I ping Windows3 from Windows1 and look at the packets in Wireshark - the IP changed, it seems OK. Then I ping from Windows3, it's OK, but when I try to ping from Windows2 - the IP did not change, it stays the same 192.168.0.3. This is the first problem. The second is that the ping shouldn't pass through, because NAT is set to work only with IP 192.168.0.2 (Windows1). Of course I can use a firewall filter to block packets from other IPs, but this is not correct, NAT should do it. Can't see where the mistake is.
Dynamic NAT. I tried:
ip firewall nat add chain="srcnat" action="src-nat" out-interface="ether2" src-address="192.168.0.0/24" to-addresses="10.10.9.2"
ip firewall nat add chain="dstnat" action="dst-nat" in-interface="ether2" dst-address="10.10.9.2" to-addresses="192.168.0.0/24"
In this case Wireshark shows that the IP wasn't changed. The packets go through with the 192 IP from both Windows.
Tried:
ip firewall nat add chain="srcnat" action="masquerade" out-interface="ether2"
Then I watched the traffic, the IP was changed from both OS, BUT according to how dynamic NAT works, when there is only one Public IP, it should be dynamically assigned to whichever Windows begins to send packets first.
I've tried to ping from both Windows, packets simply go through.
As for NAT overloaded (PAT) (where both OS can work using different ports), I tried to add protocols tcp, src-port, to-ports, but still nothing goes right.
Please, can anyone tell me what my mistake is or what I don't understand? I actually post in forums very seldom and try to find the answer on Google, but I have already read all the manuals I could find and nothing helps.
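
The three behaviours the post expects, as a small Python model added here for illustration; it is not part of the original post and is not RouterOS configuration. The class names, the 50000 starting port and the `release` call are assumptions, and a `None` result only means that no translation entry exists: whether such a packet is then forwarded untranslated or dropped is a routing or filtering decision outside the model.

```python
# Conceptual model (not RouterOS code) of the three NAT types from the post.
# Addresses are the ones in the post; port range and method names are assumed.
PUBLIC_IP = "10.10.9.2"
WINDOWS1, WINDOWS2 = "192.168.0.2", "192.168.0.3"


class StaticNat:
    """1:1 NAT: one fixed private<->public pair; other hosts get no mapping."""
    def __init__(self, private_ip, public_ip):
        self.private_ip, self.public_ip = private_ip, public_ip

    def outbound(self, src_ip, src_port):
        if src_ip != self.private_ip:
            return None                     # no rule matches: no translation
        return (self.public_ip, src_port)   # port is left untouched


class DynamicNat:
    """Pool NAT without port translation: a public IP is leased per host."""
    def __init__(self, pool):
        self.free, self.leases = list(pool), {}

    def outbound(self, src_ip, src_port):
        if src_ip not in self.leases:
            if not self.free:
                return None                 # pool exhausted: host must wait
            self.leases[src_ip] = self.free.pop(0)
        return (self.leases[src_ip], src_port)

    def release(self, src_ip):
        """Session finished: return the host's public IP to the pool."""
        self.free.append(self.leases.pop(src_ip))


class Pat:
    """NAPT/overload: many hosts share one IP, told apart by source port."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.table[key])

    def inbound(self, public_port):
        """Reverse lookup for a reply; None if no flow owns that port."""
        return next((k for k, p in self.table.items() if p == public_port), None)
```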