Avantguard Computer & Security Systems

MikroTik NAT

IP Configuration

# Set WAN IP (DHCP client)
/ip dhcp-client add interface=ether1 disabled=no

# Set LAN IP
/ip address add address=192.168.1.1/24 interface=bridge-local

Masquerade (NAT)

/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade comment="NAT to WAN"

Port Forwarding

# Forward external port 80 to internal web server
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.168.1.100 to-ports=80

# Forward external port 2222 to internal SSH on 192.168.1.50:22
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=2222 \
    action=dst-nat to-addresses=192.168.1.50 to-ports=22

Static Routes

/ip route add dst-address=10.0.0.0/8 gateway=192.168.1.254

DNS

/ip dns set servers=1.1.1.1,8.8.8.8 allow-remote-requests=yes

DHCP Server

/ip pool add name=dhcp-pool ranges=192.168.1.100-192.168.1.250
/ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
/ip dhcp-server add name=dhcp interface=bridge-local address-pool=dhcp-pool disabled=no