Amb el codi seguent fem el nat d’un rang privat de 192.168.1.0 al ether 1 d’una rb mikrotik, tansols heu de canviar-hi la gateway que esta en vermell,per la vostra…
# Device has firewall (setting up as CPE)
/ip route add gateway=10.140.91.1
/interface ethernet set ether1 arp=proxy-arp
/ip address
:foreach i in [find address=”192.168.1.1/24“] do={remove $i}
/ip address add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment=”” disabled=no
:delay 1
/ip pool
:foreach i in [find name=private] do={remove $i}
add name=”private” ranges=192.168.1.100-192.168.
1.200
:delay 1
/ip dhcp-server
:foreach i in [find name=private] do={remove $i}
add name=”private” interface=ether1 lease-time=3d address-pool=private bootp-support=static authoritative=after-2sec-delay disabled=no
:delay 1
/ip dhcp-server network
:foreach i in [find] do={remove $i}
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24 dns-server=10.139.38.2,10.139.98.66 domain=”guifi.net” comment=””
:delay 1
/ip dhcp-client
:foreach i in [find] do={remove $i}
:delay 1
/ip firewall nat
:foreach i in [find] do={remove $i}
:delay 1
add chain=srcnat out-interface=ether1 action=masquerade comment=”” disabled=no
/ip firewall filter
:foreach i in [find] do={remove $i}
add chain=input connection-state=established action=accept comment=”Allow Established connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input src-address=”192.168.1.0/24” action=accept comment=”Allow access to router from known network” disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment=”Allow remote ssh” disabled=no
add chain=input protocol=udp dst-port=161 action=accept comment=”Allow snmp” disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment=”Allow remote winbox” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ping” disabled=no
add chain=forward connection-state=established action=accept comment=”Allow already established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”Allow related connections” disabled=no
add chain=forward src-address=”192.168.1.0/24” action=accept comment=”Allow access to router from known network” disabled=no
add chain=input protocol=tcp connection-state=invalid action=drop comment=”” disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment=”Drop invalid connections” disabled=no
add chain=forward action=drop comment=”Drop anything else” disabled=no
add chain=input action=drop comment=”Drop anything else” disabled=no
:delay 1
:delay 1
/ip dhcp-server
:foreach i in [find name=private] do={remove $i}
add name=”private” interface=ether1 lease-time=3d address-pool=private bootp-support=static authoritative=after-2sec-delay disabled=no
:delay 1
/ip dhcp-server network
:foreach i in [find] do={remove $i}
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24 dns-server=10.139.38.2,10.139.98.66 domain=”guifi.net” comment=””
:delay 1
/ip dhcp-client
:foreach i in [find] do={remove $i}
:delay 1
/ip firewall nat
:foreach i in [find] do={remove $i}
:delay 1
add chain=srcnat out-interface=ether1 action=masquerade comment=”” disabled=no
/ip firewall filter
:foreach i in [find] do={remove $i}
add chain=input connection-state=established action=accept comment=”Allow Established connections” disabled=no
add chain=input protocol=udp action=accept comment=”Allow UDP” disabled=no
add chain=input src-address=”192.168.1.0/24” action=accept comment=”Allow access to router from known network” disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment=”Allow remote ssh” disabled=no
add chain=input protocol=udp dst-port=161 action=accept comment=”Allow snmp” disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment=”Allow remote winbox” disabled=no
add chain=input protocol=icmp action=accept comment=”Allow ping” disabled=no
add chain=forward connection-state=established action=accept comment=”Allow already established connections” disabled=no
add chain=forward connection-state=related action=accept comment=”Allow related connections” disabled=no
add chain=forward src-address=”192.168.1.0/24” action=accept comment=”Allow access to router from known network” disabled=no
add chain=input protocol=tcp connection-state=invalid action=drop comment=”” disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop comment=”Drop invalid connections” disabled=no
add chain=forward action=drop comment=”Drop anything else” disabled=no
add chain=input action=drop comment=”Drop anything else” disabled=no
:delay 1