

This is a straight hands-on post.

Example of 1:1 Public-to-Private IP mapping.


/ip firewall nat add chain=dstnat dst-address=<Public IP> action=netmap to-addresses=<Private IP>
/ip firewall nat add chain=srcnat src-address=<Private IP> action=netmap to-addresses=<Public IP>

Source NAT.
Used to “hide” the private source IP Address (e.g. 192.168.1.109), also known as masquerading.
To use masquerading, add a source NAT rule with action 'masquerade' to the firewall
configuration:

/ip firewall nat add chain=srcnat action=masquerade out-interface=Public

The example above shows how to configure NAT on a MikroTik router.


 

Destination NAT.
Destination NAT is used to “link” the Public IP Address (say 10.5.8.200) to the Local IP Address of your
liking (say 192.168.0.109).
This makes the host at the Local IP Address reachable through the Public IP Address.

Please note: for that to work, you should also use Source Network Address Translation (see
above).

Working Example:
Add a Public IP Address to your "Public" interface:

/ip address add address=10.5.8.200/32 interface=Public

Add a rule that allows access to the Internal Server from the External Networks:

/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat to-addresses=192.168.0.109

Add a rule that allows the Internal Server to talk to the Outer Networks (i.e. by having its source IP
Address translated to 10.5.8.200):

/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat to-addresses=10.5.8.200
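
The dst-nat rule in the working example forwards every protocol and port that arrives on 10.5.8.200 to 192.168.0.109. The variant below is an added example, not part of the original post: it publishes a single service and drops other new connections arriving on the Public interface. TCP port 443 as the published service and RouterOS v6 or later (needed for connection-nat-state) are assumptions.

```routeros
# Added example, not from the original post.
# Assumptions: RouterOS v6 or later; only HTTPS (TCP 443) on 192.168.0.109 is meant to be published.

# Publish one service instead of every protocol and port on the Public IP.
/ip firewall nat add chain=dstnat in-interface=Public dst-address=10.5.8.200 protocol=tcp dst-port=443 action=dst-nat to-addresses=192.168.0.109 to-ports=443 comment="publish HTTPS only"

# Outbound traffic from the server still leaves as 10.5.8.200 (same rule as in the post).
/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat to-addresses=10.5.8.200

# Forward chain: accept replies to existing connections first.
/ip firewall filter add chain=forward connection-state=established,related action=accept comment="replies"

# Accept only inbound connections that matched a dstnat rule.
/ip firewall filter add chain=forward in-interface=Public connection-nat-state=dstnat action=accept comment="published services"

# Drop everything else that arrives on Public and would be routed inwards.
/ip firewall filter add chain=forward in-interface=Public action=drop comment="drop unpublished inbound"
```

Filter rules are evaluated in order, so the drop rule has to stay below the two accept rules.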


Example of 1:1 Subnet Mapping.
If you want to link a WHOLE Public IP Subnet (say 11.11.11.0/24) to a Local Private IP Subnet (say
10.10.10.0/24), you should use Destination address translation and Source address translation with
"action=netmap".

/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 action=netmap to-addresses=10.10.10.1-10.10.10.254
/ip firewall nat add chain=srcnat src-address=10.10.10.1-10.10.10.254 action=netmap to-addresses=11.11.11.1-11.11.11.254

SRC:
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php
ASHISH PATEL: http://forum.mikrotik.com/viewtopic.php?f=2&t=
