enable NAT on ether2 to ether9 using RB493AH

Nanflexal · October 28, 2010, 9:36am

Guys,

I got RB493AH and i want to enable NAT on ether2 to ether9 because ether1 will act as WAN port.

I won’t use switch that’s why i want to enable NAT on ether2 to ether9. im using dynamic IP (DHCP) from my ISP.

i will use this IP as gateway “10.10.10.254” and i should be able to ping device in ether2 to ether9 with IP address range from 10.10.10.1 to 10.10.10.9

Please help me guys.

Thanks

mrz · October 28, 2010, 10:53am

You need to nat traffic that goes out of ether1 (your wan interface).
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Source_NAT

Then you need to bridge or switch together eth2-eth9 and run dhcp server on bridge interface.
http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Basic_examples

Nanflexal · October 28, 2010, 10:57am

thanks for your reply mrz.

I forgot to mention that i will not use DHCP on my network.

I just need to enable NAT from ether2 to ether9 and i should be able to ping device attach on ether2 to ether9,

Thanks

Nanflexal · October 28, 2010, 11:02am

can you give me an example on how to create a bridge or switch together ethe2 - ethe9

thanks

SurferTim · October 28, 2010, 11:05am

Is this what you want?
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1

You should be able to connect them as a switch. Set ether2 as the master-port on ether3-9
/interface ethernet
set X master-port=ether2

Nanflexal · October 28, 2010, 1:31pm

I manage to work this out by issuing the command. ether2 t ether9 is now working fine.

/ip address add address=10.10.10.254/24 interface=ether1
/ip firewall nat add chain=srcnat src-address=10.10.10.0/24 action=masquerade

and i create a bridge & port.

Thanks

Nanflexal · October 28, 2010, 2:46pm

this setup work but when you reboot / restart the router it will not work.

Nanflexal · October 28, 2010, 3:21pm

guys, could someone tell me what is wrong with this config. this work while the router in ON but when you reboot the server. NAT on ether2 - ether9 is not working.

/interface enable ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether8,ether9
/ip dhcp-client add interface=ether1 disabled=no
/ip address add address=10.10.10.254/24 interface=ether1
/ip firewall nat add chain=srcnat src-address=10.10.10.0/24 action=masquerade

/ ip firewall filter
add chain=input connection-state=established comment=“Accept established connections”
add chain=input connection-state=related comment=“Accept related connections”
add chain=input connection-state=invalid action=drop comment=“Drop invalid connections”
add chain=input protocol=udp action=accept comment=“UDP” disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment=“Allow limited pings”
add chain=input protocol=icmp action=drop comment=“Drop excess pings”
add chain=input in-interface=ether1 src-address=10.10.0.0/24 comment=“From our LAN” action=accept
add chain=input action=log log-prefix=“DROP INPUT” comment=“Log everything else”
add chain=input action=drop comment=“Drop everything else”

/ip dns set allow-remote-requests=yes

this setup work by creating a bridge and port.

mrz · October 28, 2010, 5:16pm

Why do you set static IP and dhcp-client on ether1? As I understood static IP is for local LAN, so then which one is WAN interface?

Nanflexal · October 29, 2010, 1:02am

because i can’t figure out how to enable NAT on ether2-ether9. it is my experimental.

thanks