Greetings,
Let me start by saying I have probably read every post concerning RouterOS NATTing and for some reason I cannot get it to work. I have been at this for like 4 days now and finally decided to post a request for some help.
I am a process control guy, I love route-able IP ranges, so much easier for me. Unfortunately I need to make "172.16.4.52" look like "10.20.8.9". so in my head I say ok no sweat google will get me through... lol so wrong..
Here is what I am trying to accomplish I have a Modbus Gateway-"172.16.4.52" I want to be able to poll "10.20.8.9", and act the same as if I was polling 172.16.4.52 directly. I am thinking I need to NAT the two IP addresses together. Well i have tried multiple config's and here is my latest ones- any thoughts, criticisms, or anything is more than welcome.
# jan/02/1970 01:26:20 by RouterOS 6.7
# software id = xxxx-xxxx
#
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n l2mtu=2290
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=43F0023C82EB \
wpa2-pre-shared-key=43F0023C82EB
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip address
add address=10.20.8.9/32 interface=ether1 network=10.20.8.9
add address=172.16.4.240/24 interface=ether2 network=172.16.4.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether2 \
to-addresses=172.16.4.52
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.16.4.52 \
to-addresses=10.20.8.9
/ip route
add disabled=yes distance=1 gateway=172.16.4.52
/system identity
set name="The Router"
/system leds
set 0 interface=wlan1
I just exported everything but I am not even going to use the wireless right now. I just had this hardware idle and wanted to utilize its routing ability.
Re: RB751U-2Hnd NAT problems
I ran into some problems too. However, mine I got to work out after and responses/suggestion from the forum.
I did however, followed quite few YouTube videos to make sure my settings were correct. This is because I am very new to Mikrotik.
These are the links of videos I followed.
http://www.youtube.com/watch?v=PFXl9O08Kkk
http://www.youtube.com/watch?v=ulDefmf1ces
I did however, followed quite few YouTube videos to make sure my settings were correct. This is because I am very new to Mikrotik.
These are the links of videos I followed.
http://www.youtube.com/watch?v=PFXl9O08Kkk
http://www.youtube.com/watch?v=ulDefmf1ces
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB751U-2Hnd NAT problems
It isn't clear what the source of the polling is. A device with address 10.2.8.X? The IP address currently applied to ether1 is a /32 - i.e. a single IP number. Which IP range is this interface expected to talk to?
Re: RB751U-2Hnd NAT problems
hopefully I am answering this properly, a PC with an address of 10.20.8.71 should poll -10.20.8.9- and expect the same results as if i was polling 172.16.4.52 directly on the same subnet.
thank you for the quick responses.
thank you for the quick responses.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB751U-2Hnd NAT problems
First you need to correct the entry:
The /32 setting means that this interface has no idea that there are other 10.20.8.x addresses available via this interface. Perhaps you meant to use 10.20.8.9/24 ?
Code: Select all
add address=10.20.8.9/32 interface=ether1 network=10.20.8.9
Re: RB751U-2Hnd NAT problems
add address=10.20.8.9/24 interface=ether1 network=10.20.8.0
so I made that change and I can now successfully ping 10.20.8.9 but the NAT rules still are not working.? and if I try 10.20.8.9 on port 80 it just brings me to the routers webGUI. Not to the 172.16.4.52 WebGUI.
so I made that change and I can now successfully ping 10.20.8.9 but the NAT rules still are not working.? and if I try 10.20.8.9 on port 80 it just brings me to the routers webGUI. Not to the 172.16.4.52 WebGUI.
Re: RB751U-2Hnd NAT problems
So is the 172.16.4.52 the ISP IP? If it is, once you get into your system, in your broswer bar, enter the IP (192.168.0.1) of the DHCP from that modem.
It should bring up the device login screen.
IE>your ISP has assigned the 172 to your modem, your modem is assigning a 192.168.0.4 to your router, so there for you need to go to 192.168.0.1.
It should bring up the device login screen.
IE>your ISP has assigned the 172 to your modem, your modem is assigning a 192.168.0.4 to your router, so there for you need to go to 192.168.0.1.
Re: RB751U-2Hnd NAT problems
no there is no ISP..(all private network) 172.16.4.52 is the current ip of the "Modbus gateway" device. No DHCP as all ip defined are static. I just need to be able to type 10.20.8.9. in my browser and hopefully it should act as if i was on the 172.16.4.xx subnet. so..
"MY PC (10.20.8.71) --->(Router 10.20.8.9) ---->"Modbus Gateway"(172.16.4.52)..
"MY PC (10.20.8.71) --->(Router 10.20.8.9) ---->"Modbus Gateway"(172.16.4.52)..
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB751U-2Hnd NAT problems
Can you upload the config as it stands at the moment?
Re: RB751U-2Hnd NAT problems
#
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n l2mtu=2290
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=43F0023C82EB \
wpa2-pre-shared-key=43F0023C82EB
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip address
add address=10.20.8.9/24 interface=ether1 network=10.20.8.0
add address=172.16.4.240/24 interface=ether2 network=172.16.4.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether2 \
to-addresses=172.16.4.52
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.16.4.52 \
to-addresses=10.20.8.9
/ip route
add disabled=yes distance=1 gateway=172.16.4.52
/system identity
set name="The Router"
/system leds
set 0 interface=wlan1
here you go
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n l2mtu=2290
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment=LAN
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=43F0023C82EB \
wpa2-pre-shared-key=43F0023C82EB
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip address
add address=10.20.8.9/24 interface=ether1 network=10.20.8.0
add address=172.16.4.240/24 interface=ether2 network=172.16.4.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether2 \
to-addresses=172.16.4.52
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.16.4.52 \
to-addresses=10.20.8.9
/ip route
add disabled=yes distance=1 gateway=172.16.4.52
/system identity
set name="The Router"
/system leds
set 0 interface=wlan1
here you go
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB751U-2Hnd NAT problems
Code: Select all
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether2 \
to-addresses=172.16.4.52Code: Select all
add action=src-nat chain=srcnat out-interface=ether1 src-address=172.16.4.52 \
to-addresses=10.20.8.9Re: RB751U-2Hnd NAT problems
Still not working completely, but have to be making progress. I made the changes you suggested and now I can see packets hit both of the firewall rules. But when I look at the connections tab a tcp connection will never establish, it just says sync...
here is the changed code.
Here are a couple of screenshots.
here is the changed code.
Code: Select all
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether1 \
to-addresses=172.16.4.52
add action=src-nat chain=srcnat dst-address=172.16.4.52 out-interface=ether2 \
to-addresses=10.20.8.9
You do not have the required permissions to view the files attached to this post.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB751U-2Hnd NAT problems
Try changing the DST NAT ruled as follows:
add action=src-nat chain=srcnat dst-address=172.16.4.52 out-interface=ether2 \
to-addresses=172.16.4.240
add action=src-nat chain=srcnat dst-address=172.16.4.52 out-interface=ether2 \
to-addresses=172.16.4.240
Re: RB751U-2Hnd NAT problems
Finally!, that worked. I definitely have some reading to do, I still do not quite understand why that worked. But thank you very much for the help!Code: Select all
add action=dst-nat chain=dstnat dst-address=10.20.8.9 in-interface=ether1 \
to-addresses=172.16.4.52
add action=src-nat chain=srcnat dst-address=172.16.4.52 out-interface=ether2 \
to-addresses=172.16.4.240
I guess it just seems confusing "out-interface" and "to-address" of the src-NAT. does not seem like a logical solution... but then again I am very new to the Microtik world.
Thanks again,
Cypress