MikroTik

Hi Dear Developer Why mikroitk OS donot Support Feature Nat 444 ????

Oh, Mikrotik supports it.
Quite many (W)ISPs use it.

You will find document in wiki

https://wiki.mikrotik.com/wiki/Manual:I ... _or_NAT444

In document there is a function for cgnat it works good.

For 2G Bw i Donot USE scripts

Feature must be added like SRC Nat

What are you talking about? It's not a function/script or something. NAT444 is a conception. In terms of RouterOS functionality it's simple SRC NAT working from the box.

What exact problem do you have?

For 2G Bw i Donot USE scripts

Feature must be added like SRC Nat

did you open the link? there is no script there. it is a built in src-nat command

Function for making srcnat commands easy

If "/ip firewall nat add chain=src-nat out-interface=<public_if> action=srcnat to-address=2.2.2.2" is not easy, then one needs TP-Link WR740N - it has much more easier configuration interface

Function for making srcnat commands easy

Click + button and fill in the address. How much easier do you want it?

Function for making srcnat commands easy

Click + button and fill in the address. How much easier do you want it?

What some people appear to want (also in other threads) is more "quickset-like" functionality to setup the router for certain "common" scenarios, presenting only input fields for info that the router really cannot determine itself.
E.g. something like the "setup repeater" button in the wireless menu.
They want such things for "setup dual-WAN (2 internet connections)", for example.

Of course there are competitors in the market that have it, or that have their config more oriented towards router tasks than the technical router config oriented setup of MikroTik.
I'm not sure RouterOS should head that way. It now offers more flexibility than most competitors, and we use that a lot.
As can be seen with the current QuickSet, there is a conflict between having wizards that modify global config, and having settings for default config.
The QuickSet system easily fouls up a router config when re-applied after detailed config has been done (even when making completely unrelated changes in the QuickSet).
Having wizards for task configuration will be very risky when the user already had changed details before the wizards are used.

When everything is in QuickSet, nothing is Quick anymore.

:global sqrt do={
:for i from=0 to=$1 do={
:if (i * i > $1) do={ :return ($i - 1) }
}
}

:global addNatRules do={
/ip firewall nat add chain=srcnat action=jump jump-target=xxx \
src-address="$($srcStart)-$($srcStart + $count - 1)"

:local x [$sqrt $count]
:local y $x
:if ($x * $x = $count) do={ :set y ($x + 1) }
:for i from=0 to=$x do={
/ip firewall nat add chain=xxx action=jump jump-target="xxx-$($i)" \
src-address="$($srcStart + ($x * $i))-$($srcStart + ($x * ($i + 1) - 1))"
}

:for i from=0 to=($count - 1) do={
:local prange "$($portStart + ($i * $portsPerAddr))-$($portStart + (($i + 1) * $portsPerAddr) - 1)"
/ip firewall nat add chain="xxx-$($i / $x)" action=src-nat protocol=tcp src-address=($srcStart + $i) \
to-address=$toAddr to-ports=$prange
/ip firewall nat add chain="xxx-$($i / $x)" action=src-nat protocol=udp src-address=($srcStart + $i) \
to-address=$toAddr to-ports=$prange
}
}

In this Article You Shared Ports

100.64.1.1 2.2.2.2:2000-2099
100.64.1.2 2.2.2.2:2100-2199
100.64.1.3 2.2.2.2:2200-2299
100.64.1.4 2.2.2.2:2300-2399
100.64.1.5 2.2.2.2:2400-2499
100.64.1.6 2.2.2.2:2500-2599

If "/ip firewall nat add chain=src-nat out-interface=<public_if> action=srcnat to-address=2.2.2.2" is not easy, then one needs TP-Link WR740N - it has much more easier configuration interface

The original poster didn't make themselves clear, but people following behind looking for information on how to implement NAT444 don't want to read this kind of passive aggressive answer. Can we at least try to make these forums useful and friendly? The wiki documentation is incomplete, so can't give all the answers. (And a wiki is meant to allow collaboration)

NAT444/CGN/LSN takes effort to implement effectively. Yes, I know it's just source NAT, but it would just be called NAT if that was the only consideration. NAT444 usually comes with problems, the biggest of which seems to be accountability. Logging every NAT translation is resource consuming. RFC 7422 deterministic address mapping is a good workaround and I have used it effectively on previous Mikrotik deployments.

The script published on the wiki page doesn't work any more. I spent an hour or so working out how to fix this and discovered something has changed in RouterOS since this was published. You now need to add an extra
inside the addNatRules function. Without this it just fails. See: https://wiki.mikrotik.com/wiki/Manual:S ... r_function. I also noticed that the list of rules has an off-by-one error. The jump-list rules are one short at the top so can't reach all the rules at the bottom. I don't know how to fix this since I'm a network engineer.

So, does Mikrotik support NAT444? Well, only inasmuch as it supports NAT for IPv4. For a CGN/LSN solution you have to learn RFC 7422, installation of Mikrotik scripts, Mikrotik version numbers, differences in scripting in Mikrotik releases, and even how to re-write Mikrotik scripts. I appreciate this was given as a config macro, but don't claim it's anything but a broken example from 10 years ago, please.

Some improvements Mikrotik could make:

• Allowing RFC 7422 static rules to be deployed using the UI or even an online tool would be the ideal method
• Showing examples on how to trace back through RFC 7422 mapping would be useful
• Showing how to pin a subscriber to their mapping would also help.
• Fixing the documentation and scripts is vital, since it makes your position weaker when blaming customers for getting confused

Without this Mikrotik can't claim to have a solution, just a bit of NAT and a broken script.

Ben

When everything is in QuickSet, nothing is Quick anymore and it turns into quicksand quickly!

Couldn't resist.

Grrrrrr !

I just went through this mess ( prior to looking at these forum posts ) and was beating my head against a wall trying to figure out why I could not follow the NAT444 procedure located at:
https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT
Grrrrrr !

So , is there any valid working documentation showing how to properly configure NAT444 on a Mikrotik ( I will be using a CHR ).
I am also wanting to use the port ranges similar to what was on the non-working web page --> https://wiki.mikrotik.com/wiki/Manual:I ... Source_NAT
I like the idea of being able to know IP and port ( from an abuse notice ) and be able to quickly figure out what customer I need to talk to.

North idaho Tom Jones

Im still luvin Love Hz as a name, friggen awesome!!
https://www.youtube.com/watch?v=soDZBW-1P04