Hi,
I have been playing with the NAT function and dont quite have a handle on it. The overall scenario is this. I want to use this router to feed 3 customers in the same building, each with its own NATd subnet (192.168.1, 192.168.2, 192.168.3). Since each customer is to have their own public IP,
I will start with the basics. Getting the first customer NAT'd and working
The Ether1 interface has a Public IP address of 198.172.210.30/24 (from me-the wireless internet provider)
Ether2 has 192.168.1.1/24 - I want this to NAT to a public IP address on Ether2. I am not sure, but I think the way to do this is to route another block of Public IPs to this box (pointing at Ether 1 IP), and then use one for Ether 2, one for Ether3, etc.
Ether3 would be the same scenario, with one exception. Besides the "normal NAT' requirement, the customer has a server that we need to run Remote Desktop on (port 3389 of 192.168.2.10)
Any help to get me in the ballpark would be greatly appreciated!
Paul, PDMNet
paulm at pdmnet.net
Re: Newbie NAT and Port Forwarding question
Greetings!
Do you mean that you want ether2 IPs NAT'ed to a public IP on ether1? And ether3 IPs NAT'ed to a public IP on ether1, with a redirect on that public IP to one box on a local net ("DMZ")? Whew!
Do you mean that you want ether2 IPs NAT'ed to a public IP on ether1? And ether3 IPs NAT'ed to a public IP on ether1, with a redirect on that public IP to one box on a local net ("DMZ")? Whew!
-
-
ahmedsaffar76
Member
- Posts: 306
- Joined:
- Location: Iraq
Re: Newbie NAT and Port Forwarding question
Hi ;
I think you will need only two ethernet , ether1 for the isp public ip's and ether2 for all your three customers .
also i think you have to add some rules inside firewall NAT ass follow :
/ip firewall nat add chain=dstnat dst-address=198.172.210.20 \
action=netmap to-addresses=192.168.1.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.21 \
action=netmap to-addresses=192.168.2.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.22 \
action=netmap to-addresses=192.168.3.1
/ip firewall nat add chain=srcnat src-address=192.168.1.1 \
action=netmap to-addresses=198.172.210.20
/ip firewall nat add chain=srcnat src-address=192.168.2.1 \
action=netmap to-addresses=198.172.210.21
/ip firewall nat add chain=srcnat src-address=192.168.3.1 \
action=netmap to-addresses=198.172.210.22
refer to NAT document .
also you could assing the ip's 192.168.1.1 , 192.168.2.1 , 192.168.3.1 to the same NIC and no need to use many ether .
so ether2 with supply the three clients with connection all the time .
with best regards .
I think you will need only two ethernet , ether1 for the isp public ip's and ether2 for all your three customers .
also i think you have to add some rules inside firewall NAT ass follow :
/ip firewall nat add chain=dstnat dst-address=198.172.210.20 \
action=netmap to-addresses=192.168.1.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.21 \
action=netmap to-addresses=192.168.2.1
/ip firewall nat add chain=dstnat dst-address=198.172.210.22 \
action=netmap to-addresses=192.168.3.1
/ip firewall nat add chain=srcnat src-address=192.168.1.1 \
action=netmap to-addresses=198.172.210.20
/ip firewall nat add chain=srcnat src-address=192.168.2.1 \
action=netmap to-addresses=198.172.210.21
/ip firewall nat add chain=srcnat src-address=192.168.3.1 \
action=netmap to-addresses=198.172.210.22
refer to NAT document .
also you could assing the ip's 192.168.1.1 , 192.168.2.1 , 192.168.3.1 to the same NIC and no need to use many ether .
so ether2 with supply the three clients with connection all the time .
do you mean that you need to login the server on the network 192.168.3.1/24 from the pc 192.168.2.10 ?Ether3 would be the same scenario, with one exception. Besides the "normal NAT' requirement, the customer has a server that we need to run Remote Desktop on (port 3389 of 192.168.2.10)
with best regards .
Who is online
Users browsing this forum: RogerWilco and 19 guests