Have you been configuring NAT the right way on Mikrotik?

Network Address Translation (NAT) is a technique used in networking to map private IP addresses to a public IP address, allowing multiple devices within a private network to share a single public IP address for accessing the Internet. That holds as long as you are not configuring dynamic NAT, where more than one public IP is shared. MikroTik routers support various source NAT configurations.

Source NAT, also known as masquerading, is used to hide the private IP addresses of devices on your local network behind the router’s public IP address when they access the Internet. In this post, we will look at three different methods for configuring source NAT on a Mikrotik router.

Source NAT configuration on Mikrotik using an exit interface

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade 

While the above method is quite easy to configure and works well, it poses a security issue: you have no control over which IPs are included in the NAT process. Any other network that gets added behind the router will automatically be allowed in the NAT process unless an admin goes in and configures otherwise. The solution is to match on a source address.


Source NAT configuration on Mikrotik using source address

/ip firewall nat add chain=srcnat src-address=192.168.10.0/24 action=masquerade

This method involves the use of a source address pool instead of an exit interface. Any IP that falls outside the range of the defined IP pool will not be allowed in the NAT process. In methods one and two above, we assume that the client has just one ISP-assigned public IP. If the customer has two or more public IPs to be used for MikroTik source NAT, then dynamic NAT should be configured. This ensures that the available public IPs are shared among the devices with private IPs that require access to the Internet.

Dynamic NAT configuration on Mikrotik

/ip firewall nat add chain=srcnat src-address=192.168.10.0/24 action=src-nat to-addresses=10.10.10.2-10.10.10.3
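To check an existing router for the issue described under method one, the following added example (not from the original post) parses NAT rules in the style of `/ip firewall nat export` and flags enabled source NAT rules that have no source restriction. The sample export is constructed, and the function names `parse_nat_rules` and `unscoped_srcnat` are hypothetical.

```python
import shlex

# Constructed sample in the style of `/ip firewall nat export`; not from a real router.
SAMPLE_EXPORT = r"""
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=src-nat chain=srcnat src-address=192.168.10.0/24 \
    to-addresses=10.10.10.2-10.10.10.3
add action=masquerade chain=srcnat comment="guest wifi" disabled=yes out-interface=ether2
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=192.168.10.5
/ip firewall filter
add action=drop chain=input in-interface=ether1
"""

MENU = "/ip firewall nat"
SOURCE_MATCHERS = ("src-address", "src-address-list")
ANY_SOURCE = {"", "0.0.0.0/0"}  # absent matcher or match-all both mean "any source"


def parse_nat_rules(export_text):
    """Return a dict of properties for each `add` under the NAT menu."""
    text = export_text.replace("\\\n", " ")  # join backslash-continued lines
    rules, in_nat = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):  # menu line, or one-line form as typed in the post
            in_nat = line.startswith(MENU)
            line = line[len(MENU):].strip() if in_nat else ""
        if in_nat and line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted comments as one token
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def unscoped_srcnat(rules):
    """Enabled source NAT rules that translate traffic from any source address."""
    flagged = []
    for r in rules:
        if r.get("chain") != "srcnat" or r.get("disabled") == "yes":
            continue
        if r.get("action") not in ("masquerade", "src-nat"):
            continue
        if all(r.get(k, "") in ANY_SOURCE for k in SOURCE_MATCHERS):
            flagged.append(r)
    return flagged


if __name__ == "__main__":
    for rule in unscoped_srcnat(parse_nat_rules(SAMPLE_EXPORT)):
        print("no source restriction:", rule)
```

Only the interface-only masquerade rule from method one is reported; the rules from methods two and three pass because they carry a `src-address` match.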

The video below, posted to my YouTube channel, shows a comprehensive hands-on guide on how to implement source NAT on a Mikrotik router using the three different methods already discussed in this post.
