First I must say this is the first time I’m using RouterOS (RB800 RouterBOARD), and it’s part of an academic project. I’m not inexperienced in networks or computers, but I am a beginner here.
This is the network configuration: there is a 100 Mbit Ethernet cable coming out of who-knows-where from the wall. It’s connected to ether2 on the RouterBOARD, has its own IP, and I’d like to set up NAT on my RouterBOARD.
I managed to do most of the work. I configured the wireless interface, and a DHCP server on the wireless interface with correct ranges. I can connect through WinBox with no problems through address 10.5.50.1.
I configured two addresses in the address list:
//cut
What I need to do is to have the ether2 address hidden behind NAT, so wlan1 clients can connect to the internet through it. I managed to do this by configuring a Hotspot on wlan1, which automatically configured the firewall on ether2, and then internet works fine on wireless clients. But I’d rather do this manually.
So, I need a NAT rule which would do that (masquerade?). I tried something myself but I guess I don’t understand the networking principle all that well.
And please, since I must document the procedure, it would be nice if it were done from the GUI in WinBox.
Masquerade is the term for “change the source IP in the header of a packet to the IP address of the interface it is leaving through”. The above rule says “when you process source NAT (which rewrites source IPs in packet headers), and you come across a packet about to leave the router through the interface named ‘ether2’, rewrite the source IP in the header of that packet to the primary (preferred) IP address currently configured on the ether2 interface”.
To translate CLI to GUI just go 1:1. Click the IP button to fan out the IP menu, click the Firewall button to get to the firewall window. Click on the NAT tab. Click the + button to add an entry. Set the Chain field to srcnat, the out-interface field to ether2, and the action field to masquerade. http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Source_NAT
Thanks, I’ll try that tomorrow morning and let you know how it goes.
Just one more quick question.
In the same scenario, there wasn’t any internet access available until I added a manual route of 0.0.0.0/0 to my gateway which is //cut (I got this from another computer).
I googled this solution but didn’t really understand it, so if you would be so kind as to explain it.
A router needs routes to destinations to be able to determine where to send packets. 0.0.0.0/0 is a route that matches all packets that can possibly exist. So you told the router that unless it knows specifically how to get to a destination it should send all packets to 161.53.16.129. You’re setting a default gateway just like you do in Windows or other host operating systems, only most operating systems abstract this from you and call it a default gateway rather than making you enter 0.0.0.0/0 as a destination. Same thing, though: enter “route print” in the command line of a Windows machine and it will show you its routing table, and will show 0.0.0.0 with a netmask of 0.0.0.0 (which in CIDR notation is equivalent to /0) as a destination with a next hop of what you set as a default gateway in the IP address dialog of an interface.
If you need more background on this kinda stuff it would probably be a good idea to read a book on basic TCP/IP fundamentals. A forum isn’t really a good setting.
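The two mechanisms explained in this thread, the 0.0.0.0/0 default route and masquerade on ether2, as a small Python model added here for illustration; it is not part of the original posts and is not RouterOS code. The ether2 address, the /25 prefix and the 203.0.113.10 destination are constructed assumptions (the thread cuts the real address); only the interface names, the 10.5.50.x wireless range and the 161.53.16.129 gateway come from the thread.

```python
import ipaddress

# Constructed values: the thread cuts the real ether2 address, so the address
# and /25 prefix below are assumptions placed in the gateway's subnet.
ETHER2_IP = "161.53.16.130"
ROUTES = [  # (destination network, out-interface, next hop; None = connected)
    (ipaddress.ip_network("10.5.50.0/24"), "wlan1", None),
    (ipaddress.ip_network("161.53.16.128/25"), "ether2", None),
    (ipaddress.ip_network("0.0.0.0/0"), "ether2", "161.53.16.129"),
]

def lookup(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

class Router:
    def __init__(self, routes):
        self.routes = routes
        self.conntrack = {}  # translated flow -> original (src, sport)

    def forward(self, src, sport, dst, dport):
        """Route an outbound packet; masquerade it if it leaves via ether2."""
        route = lookup(dst, self.routes)
        if route is None:
            return None  # no route: dropped, as before 0.0.0.0/0 was added
        _, out_if, next_hop = route
        if out_if == "ether2":  # chain=srcnat out-interface=ether2 action=masquerade
            # Simplification: the source port is kept; real NAT may remap it.
            self.conntrack[(ETHER2_IP, sport, dst, dport)] = (src, sport)
            src = ETHER2_IP
        return {"out": out_if, "via": next_hop or dst, "src": src,
                "sport": sport, "dst": dst, "dport": dport}

    def reply(self, src, sport, dst, dport):
        """Map a returning packet back to the wireless client, if tracked."""
        return self.conntrack.get((dst, dport, src, sport))

if __name__ == "__main__":
    r = Router(ROUTES)
    print(r.forward("10.5.50.20", 40000, "203.0.113.10", 80))
    print(r.reply("203.0.113.10", 80, ETHER2_IP, 40000))
    # Same packet with the default route removed: nowhere to send it.
    print(Router(ROUTES[:2]).forward("10.5.50.20", 40000, "203.0.113.10", 80))
```

A reply that matches no tracked flow returns `None`, which is why hosts behind the masquerade rule are not reachable by unsolicited inbound traffic unless a separate rule allows it.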