Community discussions

MikroTik App
 
williamgomes
just joined
Topic Author
Posts: 1
Joined: Tue Jun 18, 2019 7:14 pm

CGNAT with VLAN!!

Tue Jun 18, 2019 7:15 pm

Image

I have a topology like the above.

The idea is that traffic will come on VLAN 100 from 10.20.0.5 -> 10.20.0.1 which is the address of the mikrotik acting as a gateway for this subnet -> Mikrotik will nat this to 1.1.1.5 public ip -> Traffic will pass from Mikrotik to 1.1.1.1 the gateway on the main router -> Out of the main router to the internet (the routes to the internet exist on the main router already).
The VLAN 100 is used completely throughout the whole above workflow.

I am using the following URL to generate the NAT rules https://github.com/helysonoliveira/cgnat-mikrotik.

I have tried adding the address 10.20.0.1 to the Mikrotik
I have added the VLAN 100 to the Mikrotik
I have added a static route of 0.0.0.0 to ether2 which connects to the main router
I have added the rules generated with the github repo mentioned above

However, I am not successful in getting traffic routed from the client device to the main router and out on the public IP. Any help would be apprecaited.
I am using CCR-1036.

Any other info I can give let me know.
 
almdandi
newbie
Posts: 46
Joined: Sun May 03, 2015 5:22 pm

Re: CGNAT with VLAN!!

Mon Jun 24, 2019 10:40 pm

Hey,

without configuration export is difficult to say was the problem is. A "export hide-sensitive" would be nice.

A good idea to start with, would be to run a traceroute from the client to the main router or an IP address in the internet. Or even try to ping the main router.
And for testing purposes i would just use a single src-nat rule for all ip adresses in VLAN 100. To better tracedown the problem.

for example:
/ip firewall nat add chain=srcnat out-interface=ether1-wan action=src-nat to-addresses=1.1.1.5

Also there is a article to CGNAT in the mikrotik wiki.

A little hint. For the private network behind the CGNAT you can use the 100.64.0.0/10 subnet. So you don't conflict with the normal private address space.

https://en.wikipedia.org/wiki/IPv4_shared_address_space

Who is online

Users browsing this forum: No registered users and 57 guests