Newbie NAT and Port Forwarding question

RouterOS Beginner Basics
1

Hi,

I have been playing with the NAT function and dont quite have a handle on it. The overall scenario is this. I want to use this router to feed 3 customers in the same building, each with its own NATd subnet (192.168.1, 192.168.2, 192.168.3). Since each customer is to have their own public IP,

I will start with the basics. Getting the first customer NAT’d and working

The Ether1 interface has a Public IP address of 198.172.210.30/24 (from me-the wireless internet provider)
Ether2 has 192.168.1.1/24 - I want this to NAT to a public IP address on Ether2. I am not sure, but I think the way to do this is to route another block of Public IPs to this box (pointing at Ether 1 IP), and then use one for Ether 2, one for Ether3, etc.

Ether3 would be the same scenario, with one exception. Besides the "normal NAT’ requirement, the customer has a server that we need to run Remote Desktop on (port 3389 of 192.168.2.10)

Any help to get me in the ballpark would be greatly appreciated!

Paul, PDMNet
paulm at pdmnet.net

2

Greetings!

Do you mean that you want ether2 IPs NAT’ed to a public IP on ether1? And ether3 IPs NAT’ed to a public IP on ether1, with a redirect on that public IP to one box on a local net (“DMZ”)? Whew! :confused:

3

Hi ;
I think you will need only two ethernet , ether1 for the isp public ip’s and ether2 for all your three customers .
also i think you have to add some rules inside firewall NAT ass follow :
/ip firewall nat add chain=dstnat dst-address=198.172.210.20
action=netmap to-addresses=192.168.1.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.21
action=netmap to-addresses=192.168.2.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.22
action=netmap to-addresses=192.168.3.1
/ip firewall nat add chain=srcnat src-address=192.168.1.1
action=netmap to-addresses=198.172.210.20
/ip firewall nat add chain=srcnat src-address=192.168.2.1
action=netmap to-addresses=198.172.210.21
/ip firewall nat add chain=srcnat src-address=192.168.3.1
action=netmap to-addresses=198.172.210.22
refer to NAT document .
also you could assing the ip’s 192.168.1.1 , 192.168.2.1 , 192.168.3.1 to the same NIC and no need to use many ether .
so ether2 with supply the three clients with connection all the time .

Ether3 would be the same scenario, with one exception. Besides the "normal NAT’ requirement, the customer has a server that we need to run Remote Desktop on (port 3389 of 192.168.2.10)

do you mean that you need to login the server on the network 192.168.3.1/24 from the pc 192.168.2.10 ?

with best regards .