Community discussions

MikroTik App
 
slimzash
just joined
Topic Author
Posts: 1
Joined: Sun Aug 29, 2021 3:34 pm

Need Advice: How to properly configure NAT

Sun Aug 29, 2021 4:48 pm

Hello,
I am trying to implement a simple home solution using Mikrotik RB450 device.
Internet schema - Levski-G-2.png

Below is my configuration, but NAT does not work (as I expected).

Please, advice:
Shall I assignee the IP address to WAN and LAN interfaces instead of ether1 and ether4 ? hence, the NAT option "in-interface" as well to WAN and LAN
[*]95.*.*.1 > WAN
[*]192.168.0.1 > LAN

or otherwise:
Shall I adjust the IP route to interfaces ether1 and ether4 instead of WAN and LAN ?
[*] 0.0.0.0/0 > ether1
[*]95.*.*.0/26 > ether 1
[*]192.168.1.0/24 > ether 4

Additionally, ping does not work as I expected. The ping is possible only when using the WAN or LAN interfaces (ether1/4 does not work).
[*@MikroTik] > /ping 192.168.1.100 interface=ether4
192.168.1.100 ping timeout
192.168.1.100 ping timeout
3 packets transmitted, 0 packets received, 100% packet loss
[*@MikroTik] > /ping 192.168.1.100 interface=LAN
192.168.1.100 with hw-addr 70:85:C2:70:F7:25 ping time=1 ms
192.168.1.100 with hw-addr 70:85:C2:70:F7:25 ping time<1 ms
=================

[*@MikroTik] > ping 95.*.*.1 interface=ether1
95.*.*.1 ping timeout
95.*.*.1 ping timeout
3 packets transmitted, 0 packets received, 100% packet loss
[*@MikroTik] > ping 95.*.*.1 interface=WAN
95.*.*.1 with hw-addr D8:67:D9:7B:B6:82 ping time=1 ms
95.*.*.1 with hw-addr D8:67:D9:7B:B6:82 ping time=1 ms
2 packets transmitted, 2 packets received, 0% packet loss

And here is the full configuration set:
[*@MikroTik] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                                         TYPE             MTU   L2MTU
 0  R  ether1                                                       ether            1500  1526
 1  R  ether2                                                       ether            1500  1522
 2     ether3                                                       ether            1500  1522
 3  R  ether4                                                       ether            1500  1522
 4  R  ether5                                                       ether            1500  1522
 5  R  WAN                                                          bridge           1500  1522
 6  R  LAN                                                          bridge           1500  1522
=================

[*@MikroTik] /interface bridge> /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
 #    INTERFACE                       BRIDGE                      PRIORITY PATH-COST  HORIZON
 0    ether1                          WAN                         0x80     10         none
 1    ether2                          WAN                         0x80     10         none
 2 I  ether3                          LAN                         0x80     10         none
 3    ether4                          LAN                         0x80     10         none
 4    ether5                          LAN                         0x80     10         none
=================

[*@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   ;;; default configuration
     95.*.*.54/26       95.*.*.0        95.*.*.63       ether1
 1   192.168.1.1/24     192.168.1.0     192.168.1.255   ether4
=================
 
 [*@MikroTik] /ip address> /ip dhcp-server network print
 # ADDRESS            GATEWAY         DNS-SERVER      WINS-SERVER     DOMAIN
 0 192.168.1.0/24     192.168.1.1     95.*.*.1
                                      89.*.*.*
                                      8.8.8.8
=================


[*@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY-STATE GATEWAY            DISTANCE INTERFACE
 0 A S  0.0.0.0/0                          reachable     95.*.*.1           1        WAN
                                           reachable     WAN                         WAN
 1 ADC  95.*.*.0/26     95.*.*.54                                           0        WAN
 2 ADC  192.168.1.0/24     192.168.1.1                                      0        LAN

=================

 [*@MikroTik]> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade out-interface=ether1

 1   chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=3389 protocol=tcp in-interface=ether1 dst-port=3389

 2   chain=dstnat action=dst-nat to-addresses=192.168.1.200 to-ports=22 protocol=tcp in-interface=ether1 dst-port=2022
=================


You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: jookraw and 50 guests