MaxMadneSS
just joined
Topic Author
Posts: 2
Joined: Sat Jan 19, 2019 1:21 pm
Location: Serbia

Route instead NAT

Sun Apr 14, 2019 1:21 pm

I am working on RB1100AHx2 version 6.44.2
Network information is in picture

Now the problem I have is that I can't make my networks communicate with each other without NAT rules.
As soon as I disable NAT rule (let's say ether3 > ether4) I can't access those PCs via Windows network, like \\computer1\c$
I was thinking that all I need is new route in Route List and I tried brute-forcing my way through but that didn't work out,
and now all my local traffic is "hidden" behind NAT rules and I don't want that to be the case.

Side question, could I also dstnat traffic towards WAN instead srcnat every single network towards WAN ? We also have static public IP.


I didn't include firewall rules in picture but there are no firewall rules that block traffic between local networks.
 
tangram
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: Route instead NAT

Mon Apr 15, 2019 4:24 pm

> Side question, could I also dstnat traffic towards WAN instead srcnat every single network towards WAN ? We also have static public IP.

You can do masq over the WAN interface, so that you don't have to list every network behind it. You can't do dst-nat 'cause you're changing the src not the dst :lol:

The only scenario I can think of (excepting some filter rules in firewall) to match what you say, is if those PCs have a default gateway other than the MikroTik.
 
mkx
Forum Guru
Posts: 11624
Joined: Thu Mar 03, 2016 10:23 pm

Re: Route instead NAT  [SOLVED]

Mon Apr 15, 2019 4:30 pm

Windows machines by default treat anything but their own LAN subnet as evil internet. So when you try to access \\winmachine\c$ on a different subnet, it's very possible that it's winmachine's firewall blocking the connection. If you perform src-nat (masquerade), then all connections from other subnets will appear to originate from the router itself, thus allowing winmachine's firewall not to interfere. And this principle applies to just any service on a Windows machine.
 
MaxMadneSS
just joined
Topic Author
Posts: 2
Joined: Sat Jan 19, 2019 1:21 pm
Location: Serbia

Re: Route instead NAT

Mon Apr 15, 2019 5:59 pm

> Windows machines by default treat anything but their own LAN subnet as evil internet. So when you try to access \\winmachine\c$ on a different subnet, it's very possible that it's winmachine's firewall blocking the connection. If you perform src-nat (masquerade), then all connections from other subnets will appear to originate from the router itself, thus allowing winmachine's firewall not to interfere. And this principle applies to just any service on a Windows machine.

Indeed, it was end point security that blocked access.
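
Added example, not part of the original thread: if the endpoint filter is the built-in Windows Defender Firewall, the inbound SMB rule can be scoped to the routed subnets so that plain routing works and the masquerade rule between LANs is no longer needed. The subnet values are constructed placeholders, and the group name assumes an English-language Windows install; third-party endpoint security products have their own equivalent setting.

```powershell
# Run in an elevated PowerShell session on the Windows machine being accessed.
# Constructed placeholder subnets: replace with the LANs routed by the MikroTik.
$TrustedSources = @('LocalSubnet', '192.168.3.0/24', '192.168.4.0/24')

# Inbound SMB rules from the built-in "File and Printer Sharing" group
# (display name is localized; this assumes an English install).
$smbRules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Where-Object { $_.DisplayName -like '*SMB-In*' }

function Show-SmbRuleScope {
    # Print which remote addresses each SMB-In rule currently accepts.
    param($Rules)
    $Rules | ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Enabled       = $_.Enabled
            RemoteAddress = ($filter.RemoteAddress -join ', ')
        }
    } | Format-Table -AutoSize
}

# Before: a RemoteAddress of "LocalSubnet" means routed (non-NAT) traffic
# from the other LANs is dropped, which matches the symptom in this thread.
Show-SmbRuleScope -Rules $smbRules

# Allow only the listed internal subnets instead of opening the rule to Any.
$smbRules | Set-NetFirewallRule -RemoteAddress $TrustedSources

# After: confirm the new scope.
Show-SmbRuleScope -Rules (Get-NetFirewallRule -Name $smbRules.Name)
```

Keeping the scope to named subnets preserves the real client address in Windows logs, which masquerading between LANs hides.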
