I am trying to implement a simple home solution using Mikrotik RB450 device.
Below is my configuration, but NAT does not work (as I expected).
Please, advice:
Shall I assignee the IP address to WAN and LAN interfaces instead of ether1 and ether4 ? hence, the NAT option "in-interface" as well to WAN and LAN
[*]95.*.*.1 > WAN
[*]192.168.0.1 > LAN
or otherwise:
Shall I adjust the IP route to interfaces ether1 and ether4 instead of WAN and LAN ?
[*] 0.0.0.0/0 > ether1
[*]95.*.*.0/26 > ether 1
[*]192.168.1.0/24 > ether 4
Additionally, ping does not work as I expected. The ping is possible only when using the WAN or LAN interfaces (ether1/4 does not work).
Code: Select all
[*@MikroTik] > /ping 192.168.1.100 interface=ether4
192.168.1.100 ping timeout
192.168.1.100 ping timeout
3 packets transmitted, 0 packets received, 100% packet loss
[*@MikroTik] > /ping 192.168.1.100 interface=LAN
192.168.1.100 with hw-addr 70:85:C2:70:F7:25 ping time=1 ms
192.168.1.100 with hw-addr 70:85:C2:70:F7:25 ping time<1 ms
=================
[*@MikroTik] > ping 95.*.*.1 interface=ether1
95.*.*.1 ping timeout
95.*.*.1 ping timeout
3 packets transmitted, 0 packets received, 100% packet loss
[*@MikroTik] > ping 95.*.*.1 interface=WAN
95.*.*.1 with hw-addr D8:67:D9:7B:B6:82 ping time=1 ms
95.*.*.1 with hw-addr D8:67:D9:7B:B6:82 ping time=1 ms
2 packets transmitted, 2 packets received, 0% packet loss
And here is the full configuration set:
Code: Select all
[*@MikroTik] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
0 R ether1 ether 1500 1526
1 R ether2 ether 1500 1522
2 ether3 ether 1500 1522
3 R ether4 ether 1500 1522
4 R ether5 ether 1500 1522
5 R WAN bridge 1500 1522
6 R LAN bridge 1500 1522
=================
[*@MikroTik] /interface bridge> /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether1 WAN 0x80 10 none
1 ether2 WAN 0x80 10 none
2 I ether3 LAN 0x80 10 none
3 ether4 LAN 0x80 10 none
4 ether5 LAN 0x80 10 none
=================
[*@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; default configuration
95.*.*.54/26 95.*.*.0 95.*.*.63 ether1
1 192.168.1.1/24 192.168.1.0 192.168.1.255 ether4
=================
[*@MikroTik] /ip address> /ip dhcp-server network print
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 192.168.1.0/24 192.168.1.1 95.*.*.1
89.*.*.*
8.8.8.8
=================
[*@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY-STATE GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 reachable 95.*.*.1 1 WAN
reachable WAN WAN
1 ADC 95.*.*.0/26 95.*.*.54 0 WAN
2 ADC 192.168.1.0/24 192.168.1.1 0 LAN
=================
[*@MikroTik]> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
1 chain=dstnat action=dst-nat to-addresses=192.168.1.100 to-ports=3389 protocol=tcp in-interface=ether1 dst-port=3389
2 chain=dstnat action=dst-nat to-addresses=192.168.1.200 to-ports=22 protocol=tcp in-interface=ether1 dst-port=2022
=================