Wednesday, February 24, 2010

Basic Ethernet Router with NAT and Destination NAT

This is a pretty basic config, just mainly adding it for my own reference. This setup is public on eth2 and private on eth5. NAT all private traffic to the main Public IP on eth2 and then doing Destination NAT on several public ip addresses to their private ips.


# feb/24/2010 11:51:54 by RouterOS 4.4
#

DHCP
/ip pool add name=dhcp-pool-1 ranges=192.168.1.100-192.168.1.200
/ip dhcp-server add address-pool=dhcp-pool-1 authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether5 lease-time=3d name=dhcp1
/ip dhcp-server network add address=192.168.1.0/24 comment="private dhcp" dns-server=209.173.36.11 \
gateway=192.168.1.254

IP Addresses

/ip address add address=xx.xx.xx.22/29 broadcast=xx.xx.xx.23 comment="public main ip" \
disabled=no interface=ether2 network=xx.xx.xx.16 add address=192.168.1.254/24 broadcast=192.168.1.255 comment="private main ip" \
disabled=no interface=ether5 network=192.168.1.0 add address=xx.xx.xx.18/32 broadcast=xx.xx.xx.18 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.18 add address=xx.xx.xx.19/32 broadcast=xx.xx.xx.19 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.19 add address=xx.xx.xx.20/32 broadcast=xx.xx.xx.20 comment="" disabled=no \
interface=ether2 network=xx.xx.xx.20
/ip route add comment="default route" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=xx.xx.xx.17 scope=30 target-scope=10


NAT

/ip firewall nat add action=src-nat chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24 to-addresses=xx.xx.xx.22 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.18 to-addresses=192.168.1.87 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.19 to-addresses=192.168.1.238 add action=dst-nat chain=dstnat comment="" disabled=no dst-address=\
xx.xx.xx.20 to-addresses=192.168.1.45

Leftovers

/system clock set time-zone-name=America/Chicago
/system clock manual set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity set name=Customer1
/system ntp client set enabled=yes mode=unicast primary-ntp=192.43.244.18 secondary-ntp=\
66.187.224.4

Posted by at
Labels: , , , ,

3 comments:

  1. UnknownNovember 13, 2018 at 1:44 AM

    /system clock set time-zone-name=America/Chicago
    /system clock manual set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00
    /system identity set name=Customer1
    router ip address

    ReplyDelete
  2. Faiza JeeMay 17, 2019 at 10:07 PM

    Believe it or not, it is the type of information I’ve long been trying to find. It matches to my requirements a lot. Thank you for writing this information. https://192-168-i-i.com/

    ReplyDelete
  3. Seagate ControlsJanuary 7, 2021 at 8:50 PM

    This post is really awesome. Genuinely i like this blog. It gives me more useful information. I hope you share lots of things with us .eaton vfd

    ReplyDelete

Subscribe to: Post Comments (Atom)