Community discussions

MikroTik App
 
raminmalek
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Sun Nov 02, 2008 5:51 pm

why mikrotik donot support nat 444

Sun Oct 01, 2017 5:31 pm

Hi Dear Developer Why mikroitk OS donot Support Feature Nat 444 ????
 
sup5
Member
Member
Posts: 359
Joined: Sat Jul 10, 2010 12:37 am

Re: why mikrotik donot support nat 444

Sun Oct 01, 2017 6:05 pm

Oh, Mikrotik supports it.
Quite many (W)ISPs use it.
 
sakirozkan
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sat Jun 14, 2014 12:19 pm

Re: why mikrotik donot support nat 444

Sun Oct 01, 2017 8:19 pm

You will find document in wiki

https://wiki.mikrotik.com/wiki/Manual:I ... _or_NAT444

In document there is a function for cgnat it works good.
 
raminmalek
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Sun Nov 02, 2008 5:51 pm

Re: why mikrotik donot support nat 444

Tue Oct 03, 2017 11:33 pm

For 2G Bw i Donot USE scripts
:D :D :D
Feature must be added like SRC Nat
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: why mikrotik donot support nat 444

Wed Oct 04, 2017 6:58 am

What are you talking about? It's not a function/script or something. NAT444 is a conception. In terms of RouterOS functionality it's simple SRC NAT working from the box.

What exact problem do you have?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: why mikrotik donot support nat 444

Wed Oct 04, 2017 8:59 am

For 2G Bw i Donot USE scripts
:D :D :D
Feature must be added like SRC Nat
did you open the link? there is no script there. it is a built in src-nat command
 
sakirozkan
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Sat Jun 14, 2014 12:19 pm

Re: why mikrotik donot support nat 444

Wed Oct 04, 2017 11:20 pm

Function for making srcnat commands easy
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 8:41 am

If "/ip firewall nat add chain=src-nat out-interface=<public_if> action=srcnat to-address=2.2.2.2" is not easy, then one needs TP-Link WR740N - it has much more easier configuration interface :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 8:42 am

Function for making srcnat commands easy
Click + button and fill in the address. How much easier do you want it?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 10:29 am

Function for making srcnat commands easy
Click + button and fill in the address. How much easier do you want it?
What some people appear to want (also in other threads) is more "quickset-like" functionality to setup the router for certain "common" scenarios, presenting only input fields for info that the router really cannot determine itself.
E.g. something like the "setup repeater" button in the wireless menu.
They want such things for "setup dual-WAN (2 internet connections)", for example.

Of course there are competitors in the market that have it, or that have their config more oriented towards router tasks than the technical router config oriented setup of MikroTik.
I'm not sure RouterOS should head that way. It now offers more flexibility than most competitors, and we use that a lot.
As can be seen with the current QuickSet, there is a conflict between having wizards that modify global config, and having settings for default config.
The QuickSet system easily fouls up a router config when re-applied after detailed config has been done (even when making completely unrelated changes in the QuickSet).
Having wizards for task configuration will be very risky when the user already had changed details before the wizards are used.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 10:31 am

When everything is in QuickSet, nothing is Quick anymore.
 
raminmalek
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Sun Nov 02, 2008 5:51 pm

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 10:54 am

:global sqrt do={
:for i from=0 to=$1 do={
:if (i * i > $1) do={ :return ($i - 1) }
}
}

:global addNatRules do={
/ip firewall nat add chain=srcnat action=jump jump-target=xxx \
src-address="$($srcStart)-$($srcStart + $count - 1)"

:local x [$sqrt $count]
:local y $x
:if ($x * $x = $count) do={ :set y ($x + 1) }
:for i from=0 to=$x do={
/ip firewall nat add chain=xxx action=jump jump-target="xxx-$($i)" \
src-address="$($srcStart + ($x * $i))-$($srcStart + ($x * ($i + 1) - 1))"
}

:for i from=0 to=($count - 1) do={
:local prange "$($portStart + ($i * $portsPerAddr))-$($portStart + (($i + 1) * $portsPerAddr) - 1)"
/ip firewall nat add chain="xxx-$($i / $x)" action=src-nat protocol=tcp src-address=($srcStart + $i) \
to-address=$toAddr to-ports=$prange
/ip firewall nat add chain="xxx-$($i / $x)" action=src-nat protocol=udp src-address=($srcStart + $i) \
to-address=$toAddr to-ports=$prange
}
}
 
raminmalek
Member Candidate
Member Candidate
Topic Author
Posts: 156
Joined: Sun Nov 02, 2008 5:51 pm

Re: why mikrotik donot support nat 444

Thu Oct 05, 2017 10:55 am

In this Article You Shared Ports

100.64.1.1 2.2.2.2:2000-2099
100.64.1.2 2.2.2.2:2100-2199
100.64.1.3 2.2.2.2:2200-2299
100.64.1.4 2.2.2.2:2300-2399
100.64.1.5 2.2.2.2:2400-2499
100.64.1.6 2.2.2.2:2500-2599
 
User avatar
lovehz
just joined
Posts: 10
Joined: Tue May 17, 2016 10:45 pm

Re: why mikrotik donot support nat 444

Mon Mar 25, 2019 5:02 pm

If "/ip firewall nat add chain=src-nat out-interface=<public_if> action=srcnat to-address=2.2.2.2" is not easy, then one needs TP-Link WR740N - it has much more easier configuration interface :)

The original poster didn't make themselves clear, but people following behind looking for information on how to implement NAT444 don't want to read this kind of passive aggressive answer. Can we at least try to make these forums useful and friendly? The wiki documentation is incomplete, so can't give all the answers. (And a wiki is meant to allow collaboration)

NAT444/CGN/LSN takes effort to implement effectively. Yes, I know it's just source NAT, but it would just be called NAT if that was the only consideration. NAT444 usually comes with problems, the biggest of which seems to be accountability. Logging every NAT translation is resource consuming. RFC 7422 deterministic address mapping is a good workaround and I have used it effectively on previous Mikrotik deployments.

The script published on the wiki page doesn't work any more. I spent an hour or so working out how to fix this and discovered something has changed in RouterOS since this was published. You now need to add an extra
 :global sqrt
inside the addNatRules function. Without this it just fails. See: https://wiki.mikrotik.com/wiki/Manual:S ... r_function. I also noticed that the list of rules has an off-by-one error. The jump-list rules are one short at the top so can't reach all the rules at the bottom. I don't know how to fix this since I'm a network engineer.

So, does Mikrotik support NAT444? Well, only inasmuch as it supports NAT for IPv4. For a CGN/LSN solution you have to learn RFC 7422, installation of Mikrotik scripts, Mikrotik version numbers, differences in scripting in Mikrotik releases, and even how to re-write Mikrotik scripts. I appreciate this was given as a config macro, but don't claim it's anything but a broken example from 10 years ago, please.

Some improvements Mikrotik could make:
  • Allowing RFC 7422 static rules to be deployed using the UI or even an online tool would be the ideal method
  • Showing examples on how to trace back through RFC 7422 mapping would be useful
  • Showing how to pin a subscriber to their mapping would also help.
  • Fixing the documentation and scripts is vital, since it makes your position weaker when blaming customers for getting confused
Without this Mikrotik can't claim to have a solution, just a bit of NAT and a broken script.

Ben
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: why mikrotik donot support nat 444

Mon Mar 25, 2019 8:43 pm

When everything is in QuickSet, nothing is Quick anymore and it turns into quicksand quickly!
Couldn't resist.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1493
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: why mikrotik donot support nat 444

Fri Dec 03, 2021 10:21 pm

Grrrrrr !

I just went through this mess ( prior to looking at these forum posts ) and was beating my head against a wall trying to figure out why I could not follow the NAT444 procedure located at:
https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT
Grrrrrr !

So , is there any valid working documentation showing how to properly configure NAT444 on a Mikrotik ( I will be using a CHR ).
I am also wanting to use the port ranges similar to what was on the non-working web page --> https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT
I like the idea of being able to know IP and port ( from an abuse notice ) and be able to quickly figure out what customer I need to talk to.

North idaho Tom Jones
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: why mikrotik donot support nat 444

Sat Dec 04, 2021 5:18 am

Im still luvin Love Hz as a name, friggen awesome!!
https://www.youtube.com/watch?v=soDZBW-1P04

Who is online

Users browsing this forum: Amazon [Bot], eddieb, hatred, infabo, Michiganbroadband, PavelRadvan and 78 guests