Community discussions

MikroTik App
 
Enrech
just joined
Topic Author
Posts: 1
Joined: Sat Jun 05, 2021 10:08 am

IP NAT for Dummy

Sat Jun 05, 2021 10:23 am

Ok. I am deffinetely not an expert with networks... Not even a begginer. I am a PLC self-made programmer (I am an engineer that had to turn into a programmer due to family problems); so I lack a lot of basic stuff to know. I am facing the following problem:
I have a network (10.0.0.xx) with a PLC, a few HMI's and a PC, a printer, and other things. And the corporation where it is installed, dont want me to bring all of these devices into their network (192.168.0.xx); they just want to "see" my PLC, which is 10.0.0.60; They gave me an IP for it: 192.168.0.153 and they want to access it through this particular IP (I have to make a master-TCP Modbus protocol to communicate, but that's no problem once the network prolem gets solved). I guess they will tell me which IP is going to be the SLAVE in the TCP communication; lets guess 192.168.0.156 i.g

So the thing is: I want to be able to ask and get answered from the outside and vice-versa (open communication) but it HAS to be ass told: They will search for 192.168.0.153, and 10.0.0.60 will answer; and i will do same with 192.168.0.156 from the 10.0.0.60.

As a really really noob; I lost the day yesterday following many tutorials about NAT with srcnat and dstnat; and so far no luck. What I've done so far:

Ethernet 1--> Set to IP 192.168.0.155
Ethernet 4--> Set to IP 10.0.0.96

Tried many combination of NAT IP filter rules without success. What I try to test the connection, is pinging 192.168.0.153 from the 192.168.0.xx subnet with a PC. I set my own PC with that IP (192.168.0.156) to make the test.

Any help; please¿?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: IP NAT for Dummy

Tue Aug 17, 2021 6:11 pm

Guten Morgen,

Lets Start with the master-TCP Modbus (192.168.0.153) and ignore for now the Slave (192.168.0.156) part.

Setup Basic-Routing
Step 1: Set DHCP-Client on ether 1 (Corporate-Network) Alternativ : Set IP, DNS and Route manually
Step 2: Set NAT masquerade for OUT.Interface: ether1
Step 3: Configure your network (Your Network 10.0.0.0/16)

Now all your devices your should be able to communicate with the Corporate-Network and if available the Internet via the 192.168.0.153 IP-Address.

Step 4: NAT
Exemple for TCP 80 to PLC
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=10.0.0.60 to-ports=80

Add every TCP & UDP-Ports you need !


Step 5: Secure your ROuter and Network (Firewall and Co. )

Who is online

Users browsing this forum: holvoetn and 39 guests