Hi,
I have tried searching but I’m not sure what to search to find this setup (or something leading to a solution). (Also my brain is not working that well)
My network: 192.168.1.0/24
Network I want to reach: 10.0.0.0/24
Mikrotik: 192.168.1.3/24 (ether1) and 10.0.0.6/24 (ether2)
I have a network where all my devices are (ether1); here I have another router that has a static route to the MikroTik device for the 10.0.0.0/24 network. (The static route looks OK: when I do a traceroute, I see packets going to the MikroTik device.)
But what do I need to configure on the mikrotik for it to route/nat traffic from my network to the other network?
I don’t need the communication to be both ways, only for replies to come back.
This is my current config. (Basically clean)
# jun/07/2020 21:04:41 by RouterOS 6.47
# model = 960PGS
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy=\
local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip dhcp-client
add disabled=no interface=ether1
add disabled=no interface=ether2 use-peer-dns=no use-peer-ntp=no
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=MikroTikGatway
One thing is also routing in the 10.0.0.0/24 subnet … hosts/routers there have to know that 10.0.0.6 is the gateway towards 192.168.1.0/24 … If you can’t set up this part, you can enable src-nat on the RB for connections between 192.168.1.0/24 and 10.0.0.0/24 … this way all connections will appear to originate from 10.0.0.6 to hosts in 10.0.0.0/24 …
Perhaps not your case, but a warning anyway: there’ll be a routing triangle between 192.168.1.x, the default gateway (presumably 192.168.1.1) and the RB, and that will upset a firewall that might oversee communications on the default gateway. The problem is this: when host X sends a packet towards 10.0.0.0/24, it’ll be sent to the default gateway. The default gateway will follow its routing table and pass it to the RB. On the way back, the RB will notice that the destination (192.168.1.X) is directly accessible and will deliver the packet without involving the default gateway. The FW on the default gateway will thus not see the reply packet, which will break its connection state machinery …
There are many different possibilities for solving the routing triangle problem; which one to select depends heavily on the exact configuration of the default gateway.
Thank you for your reply.
This will only be a one-way communication, so the 10.0.0.0/24 subnet does not need to know of the 192.168.1.0/24 subnet.
Thanks for the note on the routing triangle. I don’t think this will apply to me since I only use the default gateway to static route the requests; I don’t want any firewall control in those cases.
This is my working config that I ended up with. (I tried something similar before but chose interfaces instead of addresses)
# jun/08/2020 15:07:33 by RouterOS 6.47
# model = 960PGS
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy=\
local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip dhcp-client
add disabled=no interface=ether1
add disabled=no interface=ether2 use-peer-dns=no use-peer-ntp=no
/ip firewall nat
add action=masquerade chain=srcnat dst-address=10.0.0.0/24 src-address=192.168.1.0/24
/system clock
set time-zone-name=Europe/Oslo
/system identity
set name=MikroTikGatway
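
An added example, not part of any post in this thread: a tighter variant of the masquerade rule above, plus forward filter rules that enforce the one-way requirement on the MikroTik itself rather than relying on the 10.0.0.0/24 side having no return route. It assumes ether1 faces 192.168.1.0/24 and ether2 faces 10.0.0.0/24, as stated in the first post, and that no other traffic needs to be routed through this device; the comment strings are illustrative.

```routeros
# Added example (assumptions: ether1 = 192.168.1.0/24 side, ether2 = 10.0.0.0/24 side).
# Scoped replacement for the existing masquerade rule: pinning the outgoing
# interface means only traffic really leaving towards 10.0.0.0/24 is rewritten
# to the router's ether2 address (10.0.0.6).
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2 \
    src-address=192.168.1.0/24 dst-address=10.0.0.0/24 \
    comment="hide 192.168.1.0/24 behind ether2 address"

/ip firewall filter
# Replies to connections that were opened from 192.168.1.0/24 come back here;
# connection tracking undoes the NAT and this rule lets them through.
add chain=forward action=accept connection-state=established,related \
    comment="allow return traffic"
# Packets that match no tracked connection are dropped.
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"
# Only 192.168.1.0/24 may open new connections, and only towards 10.0.0.0/24.
add chain=forward action=accept connection-state=new \
    in-interface=ether1 out-interface=ether2 \
    src-address=192.168.1.0/24 dst-address=10.0.0.0/24 \
    comment="allow new connections ether1 -> ether2"
# Everything else is refused, including new connections from 10.0.0.0/24
# towards 192.168.1.0/24.
add chain=forward action=drop comment="drop all other forwarded traffic"
```

The NAT rule is meant to replace the existing masquerade rule, not to sit beside it. These rules cover the forward chain only, so access to the router itself (input chain) is unchanged.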