Mikrotik Router NAT (Network Address Translation)

Network address translation (NAT) 

It is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) data gram packet headers while they are in transit across a traffic routing device.[1] The technique was originally used for ease of rerouting traffic in IP networks without readdressing every host. It has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion by sharing one Internet-routable IP address of a NAT gateway for an entire private network.

Static NAT (One to One mapping):One to one mapping is also called static NAT it’s put a permanent ip mapping between an private ip address and a public  ip address.
 
NAT Overloading: It’s called Port Address Translation or PAT.In this case multiple private ip address space are able to share a common public ip address. Port address translation is reducing number of public ip address for network address translation.

Dynamic  NAT: Another  NAT method are Dynamic NAT. Dynamic map puts a dynamic mapping between an internal private ip address pool and a public ip address pool.It’s also create one to one relation on a FIFO algorithm basis .This method mikrotik router  called netmap.
NETMAP Configuration Example:

/ip firewall nat add  chain=dstnat action=netmap to-addresses=172.16.90.0/16
      dst-address=1.2.3.0/25 log=no log-prefix=""

/ip firewall nat add  chain=srcnat action=netmap to-addresses=1.2.3.0/25
      src-address=172.16.90.0/16 log=no log-prefix="
This configuration tell us a pool of ip address that are 172.16.90.0/16 mapped between a pool of an public ip address that are 1.2.3.0/25 is dynamically.

VLAN Configuration On Mikrotik Router and Unifi AP Ubiquiti

Unifi AP is one of high-end wireless networking product from Ubiquiti Networks, ideal for deployment of high-performance wireless networks. There are several models for it, that is UAP‑AC‑LITE, UAP-AC-LR, UAP-AC-PRO, UAP-AC-EDU, UAP, UAP-LR, UAP-PRO. Typically these devices are often installed in hotels, apartments and office building to cover hostpot network in the area. This access point is often applied with mikrotik device that usually used as router and a hotspot server.

Network Topology

 In the example above topology, there are 2 local networks that are configured for management UniFi devices and user devices (computers, laptops, pda, and etc). On Ether 2 is used as gateway unifi devices, and VLAN 10  created on ether 2 that used as gateway user devices and . Master port on ether 3 is set to ether 2 that used as port access VLAN 10. See How to create VLAN Trunk on mikrotik router

Mikrotik router configuration :

1. Login to mikrotik router

2. Creat VLAN for local network

3. Setting gatheway ip address for unifi ap devices and LAN hotspot

4. Setting ip-pool for both the local network

5. Configure DHCP server for each local network. Please see How to configure DHCP Server on Mikrotik Router.

Configure Unifi AP and Controller

1. Install unifi controller on the computer/laptop

2. Enable unifi controler, open browser and enter https://ip address pc or 127.0.0.1:8443 on address bar. Then login to unifi controller.

3. Go to Settings menu => Wireless Networks. Create SSID, enter VLAN ID and choose user group

4. Go to devices menu, click Unifi MAC Address and go to Configuration Tab. On the WLAN option, please click OVERRIDE and apply. Configure RADIOS, ALIAS, NETWORK as desired.

Mikrotik Router Simple Configuration

IP Address Configuration:

/ip address

add address=192.168.1.1/24 network=192.168.0.0 broadcast=192.168.1.255 interface=LOCAL

add address=103.103.103.102/30 network=103.103.103.100 broadcast=103.103.103.103 interface=WAN

 DNS Configuration:

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=4.4.4.4,8,8.8.8.8

NAT Configuration:

/ip firewall nat

add chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=WAN

IP Route Configuration:

/ip route

add dst-address=0.0.0.0/0 gateway=103.103.103.101

Simple Queue Configuration For Client 192.168.1.2:

/queue simple

Add name="xxx" target-addresses=192.168.1.2/32 interface=LOCAL parent=none

      packet-marks="" direction=both priority=8

      queue=default-small/default-small limit-at=0/0 max-limit=512k/512k

      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

      total-queue=default-small

Simple Queue Configuration For Client 192.168.1.3:

/queue simple

Add name="yyy" target-addresses=192.168.1.3/32 interface=LOCAL parent=none

      packet-marks="" direction=both priority=8

      queue=default-small/default-small limit-at=0/0 max-limit=1M/1M

      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

      total-queue=default-small
Activate Mikrotik Router OS

How to activate Mikrotik Router OS

How to activate Mikrotik Router OS
RouterBOARD and PC license

RouterBOARD devices come pre installed with a RouterOS license, if you have purchased a RouterBOARD device, nothing must be done regarding the license.

For X86 systems (ie. PC devices), you need to obtain a license key.

The license key is a block of symbols that needs to be copied from your mikrotik.com account, or from the email you received in, and then it can be pasted into the router. You can paste the key anywhere in the terminal, or by clicking "Paste key" in Winbox License menu. A reboot is required for the key to take effect.

RouterOS licensing scheme is based on SoftwareID number that is bound to storage media (HDD, NAND).
Licensing information can be read from CLI system console:

[admin@RB1100] > /system license print 
    software-id: "43NU-NLT9"
         nlevel: 6
       features: 
[admin@RB1100] >

How to install Mikrotik Router OS

How to install Mikrotik Router OS, Prepare MikroTik RouterOS CD Installation Disk
1. Download CD installation Image from MikroTik download page

2. Burn ISO image to disk, you need PC with CD-ROM and application to write ISO files to CD.

3. Switch on the x86 box, where you want to install MikroTik RouterOS, it should be with CD-ROM as well. Put MikroTik RouterOS installation disk to CD-ROM and set to boot from CD-ROM in BIOS settings,

4. x86 will boot from MikroTik RouterOS installation disk and should offer you to select the RouterOS Packages to install,

 

Package Selection
5. Select the packages you want to install, it is possible to select all packages with a or minimum with m, then Press i to install the RouterOS.

Installation
6. If you have previous installation of the RouterOS and want to reset the configuration, then answer no for the question 'Do you want to keep old configuration ?' and click y to proceed,

7. You will the process of the packages installation. Router will ask for the reboot after installation is finished,

Post Installation procedures

8. MikroTik RouterOS is successfully installed, do not forget to eject CD installation disk and set PC to boot from Hard Drive,

9. MikroTik RouterOS is booted and you are ready to login. Default login is admin without any password,
 
Mikrotik Router Simple Configuration
Step by step install Mikrotik Router OS in VMware.

Download Mikrotik Winbox

Winbox is a small and powerful tool. If you do not have a command line interface (CLI) to configure the router mikrotik OS, these tools are recommended for you. These tools are user interface graphic, you do not need to be an expert to use these tools.

 

Go to the link http://www.mikrotik.com/download  and search "tools and utilities". under the tools and utilities you can get Winbox download link.

How to backup Mikrotik Configurations

In this tutorials, i will show you how to backup your mikrotik. Backup is a must, you need to do this before and after you make a change the router os. Because when you mad a change and you don't have a backup, you can undo your change.

Follow this step to make a backup your router :

1. Login with winbox
2. Click on FILE Menu in your mikrotik
3. Click Backup on top of menu

 

How to View Log in Mikrotik

At some point, we need to know what is happening with our routers when someone is making a change router or someone who is attacking our routers, you need to know and analyze the protocol. How to view the log file in mikrotik? To see the log file in mikrotik is very simple. just click on Log menu , see the picture bellow :