how to do Dynamic nat 100 private ip with /24 public ip

mukeshchaubey · January 19, 2019, 6:20pm

Hi
Can you please help me how to do Dynamic nat of apporx 100 private ip with /24 public ip pool . thanks

sebastia · January 19, 2019, 9:12pm

Hello

Not sure if I understand the question: you want to do natting from private ip’s (100) to /24 public (253) ip’s pool. Where is the challenge?

mkx · January 20, 2019, 8:54am

One of challenges is how to avoid entering 100 nat rules by hand.

The other could be (not expressed in OP) that public address pool might not be static (I don’t know any reason for it but it’s still possible).

We’ll wait for @mukeshchaubey to describe use case.

JohnTRIVOLTA · January 20, 2019, 10:52am

Use NETMAP for source nat !?

anav · January 20, 2019, 1:44pm

Confused but are we talking one to one mapping of block of public IPs to private IPs and doing so in a manner that is not tedious.
I know with zyxel router you could do that simply by stating ranges… block of public IP assign to a sequential (range) block of private IPs, quick and simple.

CZFan · January 20, 2019, 1:57pm

Typically used when you have like lots of users / devices behind a NAT to prevent running out of port numbers (PAT) for a single IP NAT but not typically for 100 users/devices, never tested, but maybe:

/ip firewall nat
add action=src-nat chain=srcnat out-interface-list=WAN src-address=192.168.88.0/24 to-addresses=201.200.200.0/24

sebastia · January 20, 2019, 2:14pm

There a wiki for that https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping

JohnTRIVOLTA · January 20, 2019, 2:26pm

I think this rules will work :
/ip firewall address-list
add address=192.168.0.1-192.168.0.100 list=100private_addresses #just add your private ip addresses in address list#
/ip firewall nat
add action=accept chain=srcnat src-address-list=!100private_addresses
add action=netmap chain=srcnat src-address=192.168.0.0/24 to-addresses=1.1.1.0/24

CZFan · January 20, 2019, 4:00pm

Not really the same thing, the wiki is for 1:1, and use “netmap” as action

The intention of my example is that the router has a pool of IP’s to NAT to, i.e. I have seen it once on a Fortinet device where we had ± 4000 mobile clients NAT/PAT out on a single IP, it complaint about available ports and I had to specify a pool of IP’s for NAT/PAT.

sebastia · January 20, 2019, 4:15pm

As already pointed out, al that is academical until @mukeshchaubey responds…

mukeshchaubey · January 22, 2019, 12:27pm

Thanks for reply ..

Now I am using netmap with my private ip pool 192.168.1.0/24 with public ip pool of 103.x.x.0/24 ip address . and its working .. .. now again my quatation is if my private ip is beyond /24 . mean number of user is like 500 ..will this policy work or not … is it one to one nat policy ?

thanks for support ..