Prepared by wichets@e-spacecorp.net ● E-SPACE TECHNOLOGIES CORPORATION ● Tel.0898821501 pg. 15 of 31

How To Link Public addresses to Local ones

Using Network Address Translation (NAT), private IP addresses on LAN are replaced by public IP addresses. This

lets computers on LAN share public IP addresses.

Let us assume two addresses (10.0.0.216 and 10.0.0.217) are assigned to the router. In this example we will 'full

NAT' the internal address 192.168.0.4 to the external 10.0.0.216 one while keeping 10.0.0.217 for the router itself

as well as for masquerading the internal network. To setup the router follow the steps listed below.

1. Add 10.0.0.216/24 and 10.0.0.217/24 addresses to the router's Public interface and 192.168.0.254/24 to the

router's Local interface:

[admin@MikroTik] ip address> add address=10.0.0.216/24 interface=Public

[admin@MikroTik] ip address> add address=10.0.0.217/24 interface=Public

[admin@MikroTik] ip address> add address=192.168.0.254/24 interface=Local

Prepared by wichets@e-spacecorp.net ● E-SPACE TECHNOLOGIES CORPORATION ● Tel.0898821501 pg. 16 of 31

2. Add the default route to the router, but be aware of having two addresses. You should specify the address that

the router will be using while talking to the outer networks:

[admin@MikroTik] ip route> add gateway=10.0.0.1 prefsrc=10.0.0.217

3. Add DST-NAT rule allowing access to the internal server from external networks:

[admin@MikroTik] ip firewall nat> add action=dst-nat chain=dstnat \

dst-address=10.0.0.216/32 to-addresses=192.168.0.4

4. To add SRC-NAT rules allowing the internal server to talk to the outer networks having its source address

translated to 10.0.0.216, while translating other internal hosts' source addresses to 10.0.0.217:

[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat \

src-address=192.168.0.4/32 to-addresses=10.0.0.216

[admin@MikroTik] ip firewall nat> add action=src-nat chain=srcnat \

src-address=192.168.0.0/24 to-addresses=10.0.0.217