Community discussions

MikroTik App
just joined
Topic Author
Posts: 1
Joined: Tue Jun 18, 2019 7:14 pm


Tue Jun 18, 2019 7:15 pm


I have a topology like the above.

The idea is that traffic will come on VLAN 100 from -> which is the address of the mikrotik acting as a gateway for this subnet -> Mikrotik will nat this to public ip -> Traffic will pass from Mikrotik to the gateway on the main router -> Out of the main router to the internet (the routes to the internet exist on the main router already).
The VLAN 100 is used completely throughout the whole above workflow.

I am using the following URL to generate the NAT rules

I have tried adding the address to the Mikrotik
I have added the VLAN 100 to the Mikrotik
I have added a static route of to ether2 which connects to the main router
I have added the rules generated with the github repo mentioned above

However, I am not successful in getting traffic routed from the client device to the main router and out on the public IP. Any help would be apprecaited.
I am using CCR-1036.

Any other info I can give let me know.
Posts: 46
Joined: Sun May 03, 2015 5:22 pm

Re: CGNAT with VLAN!!

Mon Jun 24, 2019 10:40 pm


without configuration export is difficult to say was the problem is. A "export hide-sensitive" would be nice.

A good idea to start with, would be to run a traceroute from the client to the main router or an IP address in the internet. Or even try to ping the main router.
And for testing purposes i would just use a single src-nat rule for all ip adresses in VLAN 100. To better tracedown the problem.

for example:
/ip firewall nat add chain=srcnat out-interface=ether1-wan action=src-nat to-addresses=

Also there is a article to CGNAT in the mikrotik wiki.

A little hint. For the private network behind the CGNAT you can use the subnet. So you don't conflict with the normal private address space.

Who is online

Users browsing this forum: dioeyandika, Easpeak, meazz1 and 60 guests