Thursday, April 29, 2021

Mikrotik Source and Destination NAT

One of the most important tasks performed by a router is Network Address Translation (NAT). There are two types of NAT: Source NAT and Destination NAT. Source NAT rewrites a private source IP address into a public one, and Destination NAT rewrites a public destination IP address into a private one.

Generally, Source NAT is used to connect to the internet, and Destination NAT is used to reach an internal service from the internet.

In this tutorial, we are going to learn both of these NAT configurations using the Mikrotik Router.

The Mikrotik router can perform both Source NAT (Src NAT) and Destination NAT (Dst NAT). Using the Source NAT feature, we can share one public IP address among many users.

In this tutorial, we are going to talk about how to configure the Mikrotik router for the Src NAT function. We will perform this task using the “Winbox” tool.

We will go through the process step by step. First of all, open Winbox and go to IP > Firewall > NAT. There, create a new rule.


Now go to the "General" tab. Select "srcnat" in the "Chain" field. Enter the local network address for which NAT is to be configured. In this tutorial, we are using 192.168.1.0/24 as our local network address.


Now we will go to the "Action" tab. There we can select either "src-nat" or "masquerade" as the action value to perform NAT for our local network. If we select "src-nat", we have to specify the public IP address in the "To Addresses" field. We assume that our public IP address is 1.1.1.1.


If we select "masquerade" as the action value, there is nothing more to fill in. Just select "masquerade" as the action value and click the "Apply" button.


If we have more than one local network, or more than one public IP address, we use "src-nat" as the action value, because it lets us control exactly which public address each translation uses and supports more advanced setups. For home use or a single local network with nothing more than an internet connection, "masquerade" is sufficient.

That's it. After clicking "Apply" and "OK", our Src NAT rule is added to the NAT list.
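The same Src NAT rule entered from the RouterOS terminal instead of Winbox, as an added example that is not part of the original post. It assumes the WAN interface is named "ether1" and adds an out-interface match so that only traffic leaving towards the internet is translated, not traffic between LAN hosts.

```routeros
# Added example (not from the original post). Assumptions: LAN is 192.168.1.0/24,
# WAN interface is "ether1", and the public address 1.1.1.1 sits on ether1.

# Option 1: src-nat with a fixed public address. Use this when the router has a
# static public IP (or several) and you need to control which one is used.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    out-interface=ether1 action=src-nat to-addresses=1.1.1.1 \
    comment="LAN to internet, fixed public IP"

# Option 2: masquerade. Same effect for a single network, but the router uses
# the address of the out-interface itself, so it keeps working when the WAN
# address is dynamic (DHCP or PPPoE). Add only one of the two options.
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    out-interface=ether1 action=masquerade \
    comment="LAN to internet, dynamic public IP"

# Verify the rule is matching: its packet/byte counters grow as LAN hosts browse
/ip firewall nat print stats where chain=srcnat
```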


Now we are going to talk about destination NAT.

Generally, one public IP address is required per service that has to be made accessible from the internet. By that logic, if we have 5 services to expose to the internet, we need 5 public IP addresses. However, it is possible to use one public IP address to expose multiple services.

Destination NAT is required when multiple services running behind our router have to be reachable from the internet while the router has only one public IP address. Destination NAT is the process of translating a public IP address to a specific private IP address.

Suppose a service running on your local network is accessible only to local users, and you want to publish it on the internet so that any internet user can reach it from anywhere in the world. Internet users send their requests to the router's public IP address and the service's port number. The router then checks its NAT table for an entry matching that port number. Every router maintains a port forwarding table listing each service (port number) that is intended to be reachable from the internet, together with the internal computer that provides that service. That is how the router can redirect the traffic to the specific destination the internet user is looking for. This process is called "Destination NAT" or "PAT (Port Address Translation)".

Assume that we have a web server running on our local network. Only our LAN users can access it; internet users cannot, because the server is not published on the internet. Now we want to make this web server available on the internet. We have two options. The first is to assign a public IP address directly to the web server, which makes it automatically reachable from the internet. The second is to forward web server requests from our router to the internal web server, which is called destination NAT or port forwarding.

In this tutorial, we are going to learn how to perform port forwarding (destination NAT) for a web server on the Mikrotik router.

In the Mikrotik router, we achieve this by configuring one destination NAT entry. With this entry we tell the router: if any request comes from the internet for the web server, forward that traffic to our internal web server.

Step by step the whole process is shown graphically below.

First of all, we will go to the "NAT" option from the "Firewall" menu and there we will create a destination NAT rule.


Now go to the "General" tab and select "dstnat" as the "Chain" value. Write your public IP address in the "Dst. Address" field. Select "TCP" in the "Protocol" field. Finally, write the destination port number in the "Dst. Port" field. The web service runs on TCP port 80.


Now navigate to the "Action" tab and select "dst-nat" as the "Action" value. In the "To Addresses" field, write the IP address of the server on which the web service is running. In the "To Ports" field, write the port number our web server uses for that service.


Finally, click on apply and then "OK". A destination NAT entry will be added as follows.



From now on, if any request arrives at the router from the internet intended for the web server, the router redirects it to our internal web server at 10.168.1.247.

This is the whole process for Mikrotik Destination NAT, also called Mikrotik port forwarding.
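The same destination NAT entry from the RouterOS terminal, as an added example that is not part of the original post, using the addresses the post gives (1.1.1.1 public, 10.168.1.247 internal). It assumes the WAN interface is "ether1" and adds the forward-chain accept that is needed when the firewall drops new connections from the WAN, scoped so that only dstnat-translated traffic is allowed through rather than the whole LAN.

```routeros
# Added example (not from the original post). Assumptions: public address 1.1.1.1
# on WAN interface "ether1"; internal web server 10.168.1.247 listening on TCP/80.

# The dstnat rule: packets arriving on ether1 for 1.1.1.1:80 are rewritten to
# 10.168.1.247:80 before routing.
/ip firewall nat add chain=dstnat in-interface=ether1 dst-address=1.1.1.1 \
    protocol=tcp dst-port=80 action=dst-nat \
    to-addresses=10.168.1.247 to-ports=80 \
    comment="Publish internal web server"

# Translation alone is not enough if the forward chain drops new connections
# from the WAN (the usual hardened default). connection-nat-state=dstnat matches
# exactly the connections that hit a dstnat rule, so only the published service
# becomes reachable and no other internal host is exposed. place-before=0 puts
# the accept ahead of any existing drop rule in the forward chain.
/ip firewall filter add chain=forward in-interface=ether1 \
    connection-state=new connection-nat-state=dstnat action=accept \
    place-before=0 comment="Allow dstnat-published services only"

# Confirm the rule is being hit by external requests
/ip firewall nat print stats where chain=dstnat
```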

