Community discussions

MikroTik App
 
aleab
newbie
Topic Author
Posts: 42
Joined: Sat Sep 22, 2018 6:13 pm

internale lan netmap

Fri May 08, 2020 10:31 pm

Hello,
i have a very simple configuration.
so quick set ether1 WAN DHCP from isp , ether2-5 LAN with ip 192.168.88.1
DHCP 2-100

some devices in LAN have DHCP ip , other static ip with 192.168.88.0/24.

can i setup a netmap or other function (ex dstnat o srcnat) to call my devices with another class?
example to print i setup printer on my server with ip 192.168.88.5
but i would setup with 192.168.89.5
and for all other devices i would when i call 192.168.89.0/24 respond 192.168.88.0/24 in transparent mode, without config every device.

is it possible setup a rule in mikrotik?

thank you in advance
 
sindy
Forum Guru
Forum Guru
Posts: 5383
Joined: Mon Dec 04, 2017 9:19 pm

Re: internale lan netmap

Fri May 08, 2020 11:18 pm

Yes, action=netmap rules in chains src-nat and dst-nat of /ip firewall nat do exactly this. Just bear in mind that if you want "transparent" traffic, i.e. that connections could be established in either direction, you must have the appropriate rule in both chains, as it is still a NAT handling, i.e. it is assigned to a connection when the firewall handles its very first packet.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
aleab
newbie
Topic Author
Posts: 42
Joined: Sat Sep 22, 2018 6:13 pm

Re: internale lan netmap

Sat May 09, 2020 9:49 am

ok thank you fo reply.

so it's correct use this rules (both direction)
/ip firewall nat add chain=dstnat dst-address=192.168.89.0/24 action=netmap to-addresses=192.168.88.0/24
/ip firewall nat add chain=srcnat dst-address=192.168.88.0/24 action=netmap to-addresses=192.168.89.0/24
or i add other rules?

i will try...
thank you
 
sindy
Forum Guru
Forum Guru
Posts: 5383
Joined: Mon Dec 04, 2017 9:19 pm

Re: internale lan netmap

Sat May 09, 2020 10:13 am

You may want to restrict those rules only to traffic incoming or outgoing via a particular interface or from/to a particular remote address (or address range, or address list), but yes, the baseline rules are these.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
aleab
newbie
Topic Author
Posts: 42
Joined: Sat Sep 22, 2018 6:13 pm

Re: internale lan netmap

Sat May 09, 2020 11:53 am

ok, thank you. i have a "normal" lan with more devices but is a single class, so for now i don't need to setup particular interface or remote address.

i will try this and then post if works.

thank you again
 
aleab
newbie
Topic Author
Posts: 42
Joined: Sat Sep 22, 2018 6:13 pm

Re: internale lan netmap

Fri Jun 26, 2020 12:48 pm

work perfect
thank you

Who is online

Users browsing this forum: Google [Bot] and 86 guests