I hope this is the right place for this question. I was allocated by my ISP a subnet of public IP addresses. In order to use it, I have to set the public IP addresses as LAN IP addresses, and then route them through a directly connected IP address, which has to be the router’s WAN address. Obviously, in this scenario NAT should be disabled, so that the public IP addresses that are configured on the LAN side be accessible from the Internet. Is it possible such a scenario with the router RB951G-2HnD, is it possible to disable NAT on this router? Thank you!
Thanks. I noticed that in the NAT section you have srcNAT and dstNAT(something like this…) as options. What option should be chosen in order for NAT not to interfere with the public IP addresses on the LAN side?
Use the “/ip route” menu, where you specify the dst address as your allocated subnet, and use your LAN card as a gateway (without an IP address…). And for everything else (0.0.0.0), specify your ISP’s gateway, as usual.
This is assuming that all of your public IPs are in the same LAN. If one of them is supposed to be behind a router using another one of those public IPs, it gets a little more complicated (in that the dst of each “inner” IP needs to use the “outer” IP as a gateway, rather than the LAN).
To clear up what looks to be a point of confusion with the original poster, on RouterOS you have to explicitly enable NAT. You seem to be assuming that it has to be explicitly disabled if not wanted. Your assumption might be true with the majority of consumer-grade home or SOHO routers, but RouterOS scales all the way from SOHO to enterprise. It’s a different beast entirely from the usual Linksys/Netgear/D-Link/etc. fare.
Unless you go out of your way to create NAT rules in the NAT chain of IP → Firewall, no NAT will happen.
Most RouterBOARD devices come with masquerade rule on ether1 predefined, making them near-equivalents to SOHO routers, so in practice, you need to disable the NAT that is enabled by default on those devices, even though yes, on x86, it’s not defined.