NAT 1:1 on Mikrotik - without gateway on the client device

sktop · Wed Mar 27, 2024 2:07 pm

Hi,

Is it possible to create NAT 1:1 rules on a Mikrotik device to reach PLC devices which do not have gateway assigned?

I am planning to setup some Mikrorik device with two external IP's assigned to Ether1 and wishing to create NAT 1:1 rules to the two PLC's which only have IP and MASK. I do not have access to PLC's and I can not change their network configuration.

I believe I need two rules dst-nat and src-nat... and I am not sure if this will work:

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.40.100.20 protocol=tcp to-addresses=192.168.0.20
add action=src-nat chain=srcnat dst-address=192.168.0.20 protocol=tcp to-addresses=192.168.0.1
add action=dst-nat chain=dstnat dst-address=10.40.100.30 protocol=tcp to-addresses=192.168.0.30
add action=src-nat chain=srcnat dst-address=192.168.0.30 protocol=tcp to-addresses=192.168.0.1

mkx · Wed Mar 27, 2024 7:32 pm

These NAT rules should be fine.

If you can set up routes on "WAN" side and PLC address space doesn't clash with addresses on WAN side, then you could set route (dst 192.168.0.0/24 gateway 10.40.100.X (where this address is router's WAN IP address). Then you only need single SRC-NAT rule:

/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.0.0/24 protocol=tcp

(actually you could replace both SRC-NAT rules with the rule above already in your set of 4 NAT rules as it covers both and more ... unless you want to be specific about dst-addresses due to some reason).

NAT 1:1 on Mikrotik - without gateway on the client device

NAT 1:1 on Mikrotik - without gateway on the client device

Re: NAT 1:1 on Mikrotik - without gateway on the client device

Who is online