How to link Public addresses to Local ones

Using Network Address Translation (NAT), private IP addresses on a LAN are replaced by public IP addresses. This lets computers on the LAN share public IP addresses.

Let us assume two addresses (10.0.0.216 and 10.0.0.217) are assigned to the router. In this example we will 'full NAT' the internal address 192.168.0.4 to the external address 10.0.0.216, while keeping 10.0.0.217 for the router itself and for masquerading the internal network. To set up the router, follow the steps listed below.

1. Add 10.0.0.216/24 and 10.0.0.217/24 addresses to the router's Public interface and 192.168.0.254/24 to the router's Local interface:

[admin@MikroTik] ip address> add address=10.0.0.216/24 interface=Public
[admin@MikroTik] ip address> add address=10.0.0.217/24 interface=Public
[admin@MikroTik] ip address> add address=192.168.0.254/24 interface=Local

2. Add the default route to the router. Because the router has two public addresses, you should specify the address that the router will use when talking to the outer networks:

[admin@MikroTik] ip route> add gateway=10.0.0.1 prefsrc=10.0.0.217

3. Add a DST-NAT rule allowing access to the internal server from external networks:

[admin@MikroTik] ip firewall nat> add action=dst-nat chain=dstnat dst-address=10.0.0.216/32 to-addresses=192.168.0.4

4. Add SRC-NAT rules allowing the internal server to talk to the outer networks with its source address translated to 10.0.0.216, while translating other internal hosts' source addresses to 10.0.0.217:

[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat src-address=192.168.0.4/32 to-addresses=10.0.0.216
[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat src-address=192.168.0.0/24 to-addresses=10.0.0.217
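
The following Python sketch is an added example, not part of the original how-to and not RouterOS code. It models the three NAT rules from steps 3 and 4 as a first-match list, to show which address each host ends up with and why the 192.168.0.4/32 rule has to sit above the 192.168.0.0/24 rule. The model is simplified (it matches on addresses only and ignores connection tracking), and the external host 203.0.113.9 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed model of the configuration above: each rule is
# (chain, match field, matched prefix, translated address), in the order added.
RULES = [
    ("dstnat", "dst", "10.0.0.216/32", "192.168.0.4"),
    ("srcnat", "src", "192.168.0.4/32", "10.0.0.216"),
    ("srcnat", "src", "192.168.0.0/24", "10.0.0.217"),
]

def translate(rules, chain, src, dst):
    """Return (src, dst) after the first rule in `chain` that matches."""
    for rule_chain, field, prefix, to_addr in rules:
        if rule_chain != chain:
            continue
        addr = src if field == "src" else dst
        if ipaddress.ip_address(addr) in ipaddress.ip_network(prefix):
            return (to_addr, dst) if field == "src" else (src, to_addr)
    return (src, dst)  # no rule matched: packet is left untranslated

def shadowed(rules):
    """List rules that can never match because an earlier rule in the same
    chain and on the same field already covers their whole prefix."""
    hidden = []
    for i, (chain, field, prefix, _) in enumerate(rules):
        net = ipaddress.ip_network(prefix)
        for e_chain, e_field, e_prefix, _ in rules[:i]:
            if (e_chain, e_field) == (chain, field) and \
                    net.subnet_of(ipaddress.ip_network(e_prefix)):
                hidden.append(rules[i])
                break
    return hidden

if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed external host (documentation range)
    print(translate(RULES, "srcnat", "192.168.0.4", outside))   # server out
    print(translate(RULES, "srcnat", "192.168.0.20", outside))  # other host out
    print(translate(RULES, "dstnat", outside, "10.0.0.216"))    # inbound to server
    print(translate(RULES, "dstnat", outside, "10.0.0.217"))    # inbound to router
    swapped = [RULES[0], RULES[2], RULES[1]]                    # /24 rule first
    print(translate(swapped, "srcnat", "192.168.0.4", outside))
    print(shadowed(swapped))
```

The DST-NAT rule in step 3 matches on destination address alone, with no protocol or port, so every service listening on 192.168.0.4 is reachable at 10.0.0.216 unless firewall filter rules restrict it.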