Difference between revisions of "NAT Tutorial"
| Line 9: | Line 9: | ||
Wugger PVT Lan Range: 10.0.0.0/24 | Wugger PVT Lan Range: 10.0.0.0/24 | ||
Wugger PC PVT IP: 10.0.0.3 | Wugger PC PVT IP: 10.0.0.3 | ||
| + | |||
| + | ==Source NAT (SRC-NAT) == | ||
[[Image:NAT_ips.jpg]] | [[Image:NAT_ips.jpg]] | ||
| + | For Source NAT your PVT IP address will be translated to a Public WUG IP, this so that you pvt ip can communicate with traffic on the public network (Think of it as traffic going out from pvt lan to public lan) | ||
First configure the IP's for your wlan1 (Wireless Wug interface) and eht1 (Ethernet interface) | First configure the IP's for your wlan1 (Wireless Wug interface) and eht1 (Ethernet interface) | ||
| Line 32: | Line 35: | ||
[[Image:Mikrotik_nat_howto05.jpg]] | [[Image:Mikrotik_nat_howto05.jpg]] | ||
| + | |||
| + | There are 2 ways in accomplishing this. You can use the masquerade function that will translate ALL ips in your PVT network range to 1 ip (which will be the wug ip of your RB) or you can translate a specific Wug ip from the range give to you, to a specific pvt ip of your lan | ||
| + | |||
| + | *Option 1 - Using MASQUERADE to hide (translate) all ip's on your pvt lan to 1 public (Wug) IP | ||
[[Image:Mikrotik_nat_howto06.jpg]] | [[Image:Mikrotik_nat_howto06.jpg]] | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto07.jpg]] | ||
| + | |||
| + | *Option 2 - Translate an IP from your WUG RANGE to an internal PVT IP on your lan range | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto08.jpg]] | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto09.jpg]] | ||
| + | |||
| + | == Destination NAT (DST-NAT) == | ||
| + | |||
| + | For Destination NAT traffic to a public WUG IP will be forwarded to your PVT IP address. This is also known as port forwarding. You can either forward all traffic to a public ip to your ip or you can choose to only forward selected ports to your ip. You can even use 1 public ip and forward different ports to different internal ips. (Like forward port 21 (ftp) to ip 10.0.0.3 and forward port 80 (http) to ip 10.0.0.4. | ||
| + | |||
| + | Once again we go IP > Firewall and choose the NAT Tab | ||
| + | |||
| + | To Forward all ports from the WUG IP 172.18.100.1 to the PVT IP 10.0.0.3 | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto10.jpg]] | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto11.jpg]] | ||
| + | |||
| + | |||
| + | To Forward only port 21 WUG IP 172.18.100.1 to the PVT IP 10.0.0.3 for an FTP server hosted on PVT IP 10.0.0.3 | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto12.jpg]] | ||
| + | |||
| + | [[Image:Mikrotik_nat_howto13.jpg]] | ||
Revision as of 18:33, 21 September 2009
This is a tutorial to explain how to use your own private lan range for network and NAT network address translation This means, for example, that in your private network you can have whatever private IP you want which is then in turn translated to the public network IP (WUG IP) given to you by your WUG Admin. This tutorial can thus be used by wuggers who dont want to change the internal IP addressing of their LAN.
In tutorial we are using the following ips:
Highsite IP: 172.18.100.254 Wugger RB IP: 172.18.100.6 Wugger Wug Range: 172.18.100.0/29 Wugger PVT Lan Range: 10.0.0.0/24 Wugger PC PVT IP: 10.0.0.3
Source NAT (SRC-NAT)
For Source NAT your PVT IP address will be translated to a Public WUG IP, this so that you pvt ip can communicate with traffic on the public network (Think of it as traffic going out from pvt lan to public lan)
First configure the IP's for your wlan1 (Wireless Wug interface) and eht1 (Ethernet interface)
Set your static Wug route of 172.18.0.0/16
To configure the NAT, go to IP > Firewall and click the NAT tab
First we will configure the Source Network Address Translation setting (SRC-NAT). This will translate your local pvt lan ip (10.0.0.3) to a public (wug accessible) ip.
There are 2 ways in accomplishing this. You can use the masquerade function that will translate ALL ips in your PVT network range to 1 ip (which will be the wug ip of your RB) or you can translate a specific Wug ip from the range give to you, to a specific pvt ip of your lan
- Option 1 - Using MASQUERADE to hide (translate) all ip's on your pvt lan to 1 public (Wug) IP
- Option 2 - Translate an IP from your WUG RANGE to an internal PVT IP on your lan range
Destination NAT (DST-NAT)
For Destination NAT traffic to a public WUG IP will be forwarded to your PVT IP address. This is also known as port forwarding. You can either forward all traffic to a public ip to your ip or you can choose to only forward selected ports to your ip. You can even use 1 public ip and forward different ports to different internal ips. (Like forward port 21 (ftp) to ip 10.0.0.3 and forward port 80 (http) to ip 10.0.0.4.
Once again we go IP > Firewall and choose the NAT Tab
To Forward all ports from the WUG IP 172.18.100.1 to the PVT IP 10.0.0.3
To Forward only port 21 WUG IP 172.18.100.1 to the PVT IP 10.0.0.3 for an FTP server hosted on PVT IP 10.0.0.3
