src-nat, dst-nat

Hugh_Hartman · May 5, 2005, 2:28pm

I have RTFM and The How to’s along with the threads, but still unable to pass traffic on the dst-nat rule,looks ok on the Src-nat end except all traffic is going out the 12.167.205.103 IP and not 1:1 NAT from 192.168.0.10 to 12.167.205.254. i can not surf,mail etc.,unless i activate masquerade,what am I missIng?

I have included the IP pool, firewall rules, IP address, routing, dhcp from export file:

may/05/2005 10:04:14 by RouterOS 2.8.25

/ ip pool
add name=“dhcp-pool-1” ranges=0.0.0.2-255.255.255.254
add name=“dhcp-lan” ranges=192.168.0.3-192.168.0.10

/ ip firewall src-nat
add src-address=192.168.0.10/32 out-interface=Public
action=nat to-src-address=12.167.205.254 comment=“”
disabled=no
add src-address=192.168.0.0/24 out-interface=Public action=nat
to-src-address=12.167.205.103 comment=“” disabled=no
add src-address=192.168.0.0/24 out-interface=Public
action=masquerade comment=“” disabled=yes
/ ip firewall dst-nat
add in-interface=Public dst-address=12.167.205.254/32
action=nat to-dst-address=192.168.0.10 comment=“”
disabled=no

/ ip address
add address=192.168.0.254/24 network=192.168.0.0
broadcast=192.168.0.255 interface=Local comment=“”
disabled=no
add address=192.168.254.2/24 network=192.168.254.0
broadcast=192.168.254.255 interface=Public comment=“”
disabled=yes
add address=12.167.205.103/24 network=12.167.205.0
broadcast=12.167.205.255 interface=Public comment=“”
disabled=no
add address=12.167.205.254/24 network=12.167.205.0
broadcast=12.167.205.255 interface=Public comment=“”
disabled=no
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow=“”
interface=all action=lookup table=main comment=“”
disabled=no
/ ip policy-routing table main
add dst-address=0.0.0.0/0 gateway=192.168.254.254
preferred-source=0.0.0.0 comment=“” disabled=yes
add dst-address=0.0.0.0/0 gateway=12.167.205.1
preferred-source=0.0.0.0 comment=“” disabled=no
/ ip route
add dst-address=0.0.0.0/0 preferred-source=0.0.0.0
gateway=12.167.205.1 distance=1 comment=“” disabled=no

/ ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.254
dns-server=12.127.16.67 comment=“”
Edited the orginal export file–information overload
Thanks, hugh

Hugh_Hartman · May 5, 2005, 9:11pm

bump–edit to export file which was too lengthy

Eugene · May 6, 2005, 7:42am

The config seems to be correct. Upgrade to the latest version and if the problem persists, send support output file to support@mikrotik.com

Hugh_Hartman · May 7, 2005, 11:21am

support file sent 5/7/05,thank you