NAT Plus 1:1 NAT

Hello,

I just got my first Mikrotik Router (RB750G) and after playing around with it I am ready to get this configured for my workplace.

I have a /28 block of IPs. I currently have 6 1:1 NAT connections configured in my old router I want to replace. I am trying to 1:1 NAT the servers and then use src-nat to force all the workstations to “leave” the office under the same IP (which is different from the 1:1 NAT IPs). All public IPs are in the /28 block.

I can’t seem to get the easiest part done first. My DHCP workstations connect and get an IP but no internet access. Here is what I have:

In winbox I have the following for IPs:
Address: X.X.173.96/28 - Network: X.X.173.96 - Broadcast: 70.89.173.111 - Interface: WAN
Address: 192.168.14.1/24 - Network: 192.168.14.0 - Broadcast: 192.168.14.255 - Interface: LAN1

Routes:
I have the two routes that automatically get created by creating the IP addresses. I then made the additional route:
S - Destination Address 0.0.0.0/0 - Gateway: 70.89.173.110 - Distance: 1

Nat:
Since I am just trying to get internet up first I have only one entry (that is probably my problem)
Action: src-nat - Chain: srcnat - Source IP: 192.168.14.1 - To Address: X.X.173.110

Please let me know if there is a log file that would make my settings easier to understand. My ultimate goal is to have my DHCP workstations going out on X.X.173.109. I will then need to configure my 1:1 NAT settings.

Here are the 1:1 NAT rules, with 192.168.14.10 and 192.168.14.11 being translated to X.X.173.97 and X.X.173.98. Then there’s a generic source NAT rule for all other hosts on the network translating them to X.X.173.109. Note that order is important and that other 1:1 NAT rules must come before the generic masquerade rule. You have to assign all the IP addresses you want to use to the WAN interface. Also note that your existing WAN IP address as you show it is wrong. .96 is a network address. You can only use .97 through .109 if .110 is the gateway on the other side.

# Every public address used for NAT must be assigned to the WAN interface
/ip address
add interface=WAN address=X.X.173.97/28
add interface=WAN address=X.X.173.98/28
add interface=WAN address=X.X.173.109/28
/ip firewall nat
# 1:1 NAT for 192.168.14.10: outbound src-nat plus inbound dst-nat
add chain=srcnat out-interface=WAN src-address=192.168.14.10 action=src-nat to-addresses=X.X.173.97
add chain=dstnat in-interface=WAN dst-address=X.X.173.97 action=dst-nat to-addresses=192.168.14.10
# 1:1 NAT for 192.168.14.11
add chain=srcnat out-interface=WAN src-address=192.168.14.11 action=src-nat to-addresses=X.X.173.98
add chain=dstnat in-interface=WAN dst-address=X.X.173.98 action=dst-nat to-addresses=192.168.14.11
# Generic rule for all other LAN hosts; must stay below the 1:1 rules
add chain=srcnat out-interface=WAN src-address=192.168.14.0/24 action=src-nat to-addresses=X.X.173.109

See the manual for details: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT
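
An added example, not part of the original posts: a Python check of the two points in the reply above, namely which addresses in the /28 the router can use and why the 1:1 rules must come before the generic rule. It models first-match evaluation on source address only, and 203.0.113.96/28 is a constructed stand-in for the masked X.X.173.96/28 block.

```python
import ipaddress

# Constructed stand-in for the masked X.X.173.96/28 block and its .110 gateway.
BLOCK = ipaddress.ip_network("203.0.113.96/28")
GATEWAY = ipaddress.ip_address("203.0.113.110")

# (source match, to-address) in rule order, mirroring the srcnat rules above.
SRCNAT = [
    ("192.168.14.10/32", "203.0.113.97"),
    ("192.168.14.11/32", "203.0.113.98"),
    ("192.168.14.0/24", "203.0.113.109"),
]

def assignable(addr):
    """True if addr is a host address in BLOCK that the router itself can use."""
    ip = ipaddress.ip_address(addr)
    reserved = (BLOCK.network_address, BLOCK.broadcast_address, GATEWAY)
    return ip in BLOCK and ip not in reserved

def translate(src, rules):
    """Return the to-address of the first rule matching src, or None."""
    ip = ipaddress.ip_address(src)
    for match, to_addr in rules:
        if ip in ipaddress.ip_network(match):
            return to_addr
    return None

def shadowed(rules):
    """Rules that can never match because an earlier rule already covers them."""
    dead = []
    for i, (match, to_addr) in enumerate(rules):
        net = ipaddress.ip_network(match)
        if any(net.subnet_of(ipaddress.ip_network(m)) for m, _ in rules[:i]):
            dead.append((match, to_addr))
    return dead

def audit(rules):
    """Collect problems: unusable to-addresses and shadowed 1:1 rules."""
    problems = [f"{t} is not assignable" for _, t in rules if not assignable(t)]
    problems += [f"{m} -> {t} never matches" for m, t in shadowed(rules)]
    return problems

if __name__ == "__main__":
    print(audit(SRCNAT))                      # rule order from the reply
    print(audit([SRCNAT[2]] + SRCNAT[:2]))    # catch-all rule moved to the top
    print(audit([("192.168.14.0/24", "203.0.113.96")]))  # network address as target
```

With the catch-all rule first, both servers would leave under the workstation address, which matters wherever a remote firewall or allow-list identifies them by their 1:1 public IP.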

Hi dear,

Thank you for your post. It is very helpful. I have just one question: how can I do it if I want to assign a public IP directly to a client using MikroTik?

Thank you in advance.