
NAT With Netmap and Masquerade

This document provides examples and explanations of how to configure network address translation (NAT) on a Mikrotik router. It describes setting up 1:1 public-to-private IP mapping using destination and source NAT rules. Source NAT or masquerading is used to hide private IP addresses when accessing external networks. Destination NAT links a public IP to a local private IP to allow internal devices to communicate externally. The document also provides an example of 1:1 subnet mapping between a public and private subnet using NAT rules.

Uploaded by

Irvan Wiranata
This is a straight hands-on post.

Example of 1:1 Public-to-Private IP mapping.


/ip firewall nat add chain=dstnat dst-address=<Public IP> action=netmap to-addresses=<Private IP>
/ip firewall nat add chain=srcnat src-address=<Private IP> action=netmap to-addresses=<Public IP>

Source NAT.
Used to “hide” the private source IP address (e.g. 192.168.1.109), also known as masquerading.
To use masquerading, add a source NAT rule with action 'masquerade' to the firewall configuration:

/ip firewall nat add chain=srcnat action=masquerade out-interface=Public

The example above shows how to configure NAT on a MikroTik router.

Destination NAT.
Destination NAT is used to “link” a public IP address (say 10.5.8.200) to a local IP address of your choice (say 192.168.0.109).
This lets the host at the local IP address be reached through the public IP address.

Please note: for this to work, you should also use source network address translation (see above).

Working Example:
Add a Public IP Address to your "Public" interface:

/ip address add address=10.5.8.200/32 interface=Public

Add a rule that allows access to the Internal Server from the External Networks:

/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat to-addresses=192.168.0.109

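Note that this rule matches on the destination address only, so every protocol and port addressed to 10.5.8.200 is forwarded to 192.168.0.109.

Add a rule that allows the Internal Server to talk to the Outer Networks (i.e. by having its source IP address translated to 10.5.8.200):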

/ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat to-addresses=10.5.8.200


Example of 1:1 Subnet Mapping.
If you want to link a whole public IP subnet (say 11.11.11.0/24) to a local private IP subnet (say 10.10.10.0/24), you should use destination address translation and source address translation with "action=netmap".

/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 action=netmap to-addresses=10.10.10.1-10.10.10.254
/ip firewall nat add chain=srcnat src-address=10.10.10.1-10.10.10.254 action=netmap to-addresses=11.11.11.1-11.11.11.254
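
A 1:1 mapping only works when the dstnat and srcnat rules are exact inverses over ranges of equal size, so the pair is worth checking before it is pasted into a router. The following Python sketch is an added example, not part of the original post and not MikroTik code; the helper names and the offset-preserving translation model are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample input: the page's two subnet-mapping rules, one per string.
DST_RULE = ("/ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 "
            "action=netmap to-addresses=10.10.10.1-10.10.10.254")
SRC_RULE = ("/ip firewall nat add chain=srcnat src-address=10.10.10.1-10.10.10.254 "
            "action=netmap to-addresses=11.11.11.1-11.11.11.254")

def parse_rule(line):
    """Return the key=value arguments of one '/ip firewall nat add' line."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def to_range(spec):
    """Turn 'a-b', 'a' or 'a/len' into (first, last) integers; ValueError if malformed."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p)) for p in spec.split("-", 1))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = int(net[0]), int(net[-1])
    if lo > hi:
        raise ValueError(f"range runs backwards: {spec}")
    return lo, hi

def translate(addr, match, target):
    """Assumed model of a 1:1 mapping: keep the offset within `match`, swap the base."""
    (m_lo, m_hi), (t_lo, _) = to_range(match), to_range(target)
    a = int(ipaddress.IPv4Address(addr))
    return str(ipaddress.IPv4Address(t_lo + a - m_lo)) if m_lo <= a <= m_hi else None

def check_pair(dst_line, src_line):
    """List the problems that would break the 1:1 mapping; an empty list means consistent."""
    d, s = parse_rule(dst_line), parse_rule(src_line)
    try:
        pub, priv = to_range(d["dst-address"]), to_range(d["to-addresses"])
        back = to_range(s["src-address"]), to_range(s["to-addresses"])
    except (KeyError, ValueError) as exc:
        return [f"unparseable rule: {exc}"]
    problems = []
    if pub[1] - pub[0] != priv[1] - priv[0]:
        problems.append("public and private ranges differ in size")
    if back != (priv, pub):
        problems.append("srcnat rule is not the inverse of the dstnat rule")
    return problems

if __name__ == "__main__":
    print(check_pair(DST_RULE, SRC_RULE))
    print(translate("11.11.11.42", "11.11.11.1-11.11.11.254", "10.10.10.1-10.10.10.254"))
```

The same check accepts single addresses, so it also covers the 10.5.8.200 and 192.168.0.109 pair from the working example above.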

SRC:
http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php
ASHISH PATEL: http://forum.mikrotik.com/viewtopic.php?f=2&t=
