Hi,
I want to access several devices connected to a Mikrotik at the same time. The problem is that the device IP address cannot be changed and a gateway cannot be set.
I think this can be done only with routing. I don't know how to configure it. Please help me. Plan is attached.
A Windows application is used to connect to these devices, and the port(s) for communication with the computer are unknown. This means that all ports must be forwarded.
Thanks in advance.
The following will work (I tested this already)
/ip address
add address=172.16.0.1/24 interface=ether8 network=172.16.0.0
add address=192.168.1.100/24 interface=ether1 network=192.168.1.0
add address=192.168.1.101/24 interface=ether2 network=192.168.1.0
add address=192.168.1.102/24 interface=ether3 network=192.168.1.0
add address=192.168.1.103/24 interface=ether4 network=192.168.1.0
/ip firewall address-list
add address=10.0.0.1 list=translate-to-dev
add address=10.0.0.2 list=translate-to-dev
add address=10.0.0.3 list=translate-to-dev
add address=10.0.0.4 list=translate-to-dev
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=10.0.0.1 \
new-connection-mark=dev01 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=10.0.0.2 \
new-connection-mark=dev02 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=10.0.0.3 \
new-connection-mark=dev03 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=10.0.0.4 \
new-connection-mark=dev04 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=dev01 new-routing-mark=dev01 passthrough=no
add action=mark-routing chain=prerouting connection-mark=dev02 new-routing-mark=dev02 passthrough=no
add action=mark-routing chain=prerouting connection-mark=dev03 new-routing-mark=dev03 passthrough=no
add action=mark-routing chain=prerouting connection-mark=dev04 new-routing-mark=dev04 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
add action=dst-nat chain=dstnat dst-address-list=translate-to-dev to-addresses=192.168.1.1
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=ether1 routing-mark=dev01
add distance=1 dst-address=192.168.1.0/24 gateway=ether2 routing-mark=dev02
add distance=1 dst-address=192.168.1.0/24 gateway=ether3 routing-mark=dev03
add distance=1 dst-address=192.168.1.0/24 gateway=ether4 routing-mark=dev04
Assuming ether8 is the connection to your computer (network 172.16.0.0/24), this code basically does the following:
(assuming we want to connect to device-01 in your diagram, which on this configuration is assumed to be on ether1)
1.- First, it marks the connection based on its destination. Since we want to connect to device 01, we need to connect using the address 10.0.0.1; once a packet reaches the router with this destination, it'll basically mark the connection as "dev01".
2.- Then it marks the routing of the packet to use the dev01 routing table (this sends the packet via ether1 for destination 192.168.1.0/24).
3.- It translates destination 10.0.0.1 to 192.168.1.1.
4.- It sets the source as the IP address configured on the interface (on ether1 this basically sets the source as 192.168.1.100). Thus the device doesn't even need to have a gateway configured, as long as its network configuration uses 192.168.0.0/24 as its network.
This actually works due to how RouterOS processes packets: dst-nat happens after the mangle-prerouting, which allows the classification of the traffic before it's dst-nated (which happens before a routing decision as well). Check it here:
https://wiki.mikrotik.com/wiki/Manual:Packet_Flow_v6
All you gotta do is make sure traffic with destination 10.0.0.X reaches the router and it'll do the rest. In the configuration:
10.0.0.1 -> Connects to dev01
10.0.0.2 -> Connects to dev02
10.0.0.3 -> Connects to dev03
10.0.0.4 -> Connects to dev04
And this applies to any traffic actually (TCP, UDP, ICMP, etc.).
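The rule order described in the answer above can be traced with a small model. This is an added example, not part of the original post and not RouterOS code: it copies the addresses, marks and interfaces from the posted configuration, assumes a constructed client address 172.16.0.10 on ether8, and includes a hypothetical reversed stage order to show why marking has to happen before dst-nat.

```python
import ipaddress

# Values copied from the configuration in the answer above.
CONN_MARK = {"10.0.0.1": "dev01", "10.0.0.2": "dev02",
             "10.0.0.3": "dev03", "10.0.0.4": "dev04"}   # mangle mark-connection
TRANSLATE_TO_DEV = set(CONN_MARK)                         # address-list
DSTNAT_TO = "192.168.1.1"                                 # dst-nat to-addresses
MARKED_ROUTE = {"dev01": "ether1", "dev02": "ether2",
                "dev03": "ether3", "dev04": "ether4"}     # /ip route gateway
ROUTE_DST = ipaddress.ip_network("192.168.1.0/24")
IFACE_ADDR = {"ether1": "192.168.1.100", "ether2": "192.168.1.101",
              "ether3": "192.168.1.102", "ether4": "192.168.1.103"}


def trace(src, dst, mangle_before_dstnat=True):
    """Follow the first packet of a connection through the rule stages.

    mangle_before_dstnat=True is the order the answer relies on;
    False is a hypothetical reversed order, kept only for comparison.
    """
    pkt = {"src": src, "dst": dst, "routing_mark": None, "out": None}

    def mangle():
        # mark-connection on dst-address, then mark-routing copies the mark
        pkt["routing_mark"] = CONN_MARK.get(pkt["dst"])

    def dstnat():
        if pkt["dst"] in TRANSLATE_TO_DEV:
            pkt["dst"] = DSTNAT_TO

    order = (mangle, dstnat) if mangle_before_dstnat else (dstnat, mangle)
    for stage in order:
        stage()

    # Routing decision: only the marked tables are modelled here.
    mark = pkt["routing_mark"]
    if mark and ipaddress.ip_address(pkt["dst"]) in ROUTE_DST:
        pkt["out"] = MARKED_ROUTE[mark]

    # srcnat masquerade: source becomes the address of the out-interface.
    if pkt["out"] in IFACE_ADDR:
        pkt["src"] = IFACE_ADDR[pkt["out"]]
    return pkt


if __name__ == "__main__":
    for n in range(1, 5):                      # constructed client 172.16.0.10
        print(trace("172.16.0.10", f"10.0.0.{n}"))
    print(trace("172.16.0.10", "10.0.0.1", mangle_before_dstnat=False))
```

In the reversed order every packet already carries destination 192.168.1.1 when the marking rule runs, so no mark is set and the model finds no marked route for it.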