Community discussions

MikroTik App
 
MauMikrotik
just joined
Topic Author
Posts: 5
Joined: Thu Apr 13, 2023 6:19 pm

1:1 NAT configuration between two VLANs

Thu Apr 13, 2023 7:23 pm

Hi all guys, I'm new to Mikrotik but before posting this new topic I've done a lot of searches on the web without find a solution.

I have two VLANs configured under same bridge.

10.0.10.x/24 subnet - VLAN10
10.0.20.x/24 subnet - VLAN20

Using WinBox I've created a firewall rule that allow all the traffic from some VLAN20's IP to all the 10.0.10.x/24.
It works fine, I'm able to reach those IPs from any device under VLAN10. Since I'm a newbie I'm happy for this result!

For a particular device configuration I need to create a 1:1 NAT between 10.0.10.221 to 10.0.20.1.
The final target is: assuming that I'm on 10.0.10.13 IP, I'm able to ping 10.0.10.221 (because the NAT will redirect my ping to 10.0.20.1).

I've tried to configure a "dst nat" but it seem not working.
I've also tried to configure a "dst nat" over "netmap" but it's the same...

I'm a little bit confused... I have a great knowledge and great skills on NAT configuration over many other brand devices like Fortinet, Sonicwall, Zyxel, Altaro, Ubiquiti Unify,... but here I need your help.
May I ask for your suggestion on how I can configure this simple kind of NAT?
Many thanks in advance.

Bye!
 
MauMikrotik
just joined
Topic Author
Posts: 5
Joined: Thu Apr 13, 2023 6:19 pm

Re: 1:1 NAT configuration between two VLANs

Tue Apr 18, 2023 3:08 pm

Hi guys, nobody know how configure a simple NAT on Mikrotik?
Nobody can help me?

Thank you!
Bye!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: 1:1 NAT configuration between two VLANs

Tue Apr 18, 2023 4:12 pm

Perhaps add a network diagram because I dont understand the request.
You use config language dst-nat etc, to describe a requirement.

I understand
identify a user, group of users, device, group of devices
identify what traffic flow they need, ( without any config talk )
 
MauMikrotik
just joined
Topic Author
Posts: 5
Joined: Thu Apr 13, 2023 6:19 pm

Re: 1:1 NAT configuration between two VLANs

Thu Apr 20, 2023 11:32 am

Hi anav, thank you for your reply!
Sure, attached a simple diagram of what i need to obtain from this NAT configuration.

I have created this thing on Fortinet in this way:

- I've created the IP object 10.0.10.221 with name Device1
- I've created the IP object 10.0.20.1 with name NatDevice1
- I've create a firewall policy that allow traffic from VLAN10 with source Device1 to VLAN20 with destination NatDevice1

If I'm on 10.0.10.13 IP, for example, and I ping 10.0.10.221, i receive reply with no problems.

I'm not understanding how I can replicate this configuration on Mikrotik logic.
Thank you so much for your help.
You do not have the required permissions to view the files attached to this post.
 
MauMikrotik
just joined
Topic Author
Posts: 5
Joined: Thu Apr 13, 2023 6:19 pm

Re: 1:1 NAT configuration between two VLANs

Thu Apr 20, 2023 12:39 pm

Hi again, I've an update.

I've created a dst-nat and enabled logs.

Then I started a ping -t from 10.0.10.13 to 10.0.10.221.

As I can see from them the ping is triggering this NAT because I can see traffic.

Log message:
dstnat: in:VLAN10 out:(unknown 0), src-mac c4:9d:ff:a9:75:c5, proto ICMP (type 8, code 0), 10.0.10.13->10.0.10.221, len 60

I suppose that the problem is the outgoing interface... it is different from "VLAN10" incomping interface... how can I explain to the dst-nat that the outgoing interface should be different? In the NAT rule window I can only input a destination address without specify is interface...

Thank you!
 
MauMikrotik
just joined
Topic Author
Posts: 5
Joined: Thu Apr 13, 2023 6:19 pm

Re: 1:1 NAT configuration between two VLANs

Thu Apr 20, 2023 3:24 pm

Finally I've found the solution: I've configured a dst-nat chain with netmap action.

It's working fine.

Thank you for the support.
Have a nice day!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: 1:1 NAT configuration between two VLANs

Thu Apr 20, 2023 6:47 pm

Glad you have it solved, it sounded like a dstnat of some sort but without the use case I was in the dark.
I have no clue what you were trying to accomplish from a laypersons perspective........

Who is online

Users browsing this forum: holvoetn, tangent and 32 guests