How To Implement Single IP NAT Strategy in MikroTik Router.

Lately I updated a post on simple approach to NAT network address translation, if you have being following our trends you will discover that  mikroTik Routers has a lot of features which will help you to customize your network just as you want it.
 Sometimes, it may be your requirement that you need to allow one IP internet access. Normally, when you apply masquerade NAT rule in your MikroTik router, you accept that all your internal or private IP’s will be masqueraded or a network block will be masqueraded. But if you do so and enable a DHCP server in your network, you may face a lot of unauthorized accesses in your network.
Infact as a result of this a user will be connected in our network, and without authentication they will get internet information including IP, Subnet mask, Gateway and DNS by DHCP server and can access internet through your MikroTik router. So, an unauthorized user can consume your bandwidth even when your trying to manage it.

But as an IT person this is one of the things you don’t want in your network, permitting  anyhow  user to access internet through your MikroTik router without your permission. Beside the effect of NAT is to limit these unsafe authentications. So If you want to prevent unauthorized access in your network, you have to apply a strategy named Single IP NAT strategy.
 Single IP NAT strategy will help you to control unauthorized access to your network. If you apply single IP NAT strategy, no IP device can get internet access through your router until you allow that IP.
Single IP NAT Strategy.
Single IP NAT Strategy is not a MikroTik service but a logical tricks which will prevent unauthorized internet access in your network. Say, you are going to build a DHCP enabled network with MikroTik router in your office like below network diagram where users will come with their IP devices and he/she will be connected with your network by wire or wireless device.
But you don’t want that any user can access internet through your DHCP server without your permission. For this, you should apply single IP NAT strategy in your MikroTik router. If you wish to apply single IP NAT strategy in your MikroTik router, simply follow the steps below:


Single IP NAT Configuration in MikroTik Router
To apply a single IP NAT configuration on your router:
Lunch and login into your winbox.
On the dashboard menu
Click on IP > Firewall menu and click on NAT tab and then click on add new button (PLUS Sign) to create a new NAT rule. In New NAT Rule window click on General tab and then select srcnat from Chain drop-down box.
Now click on Advanced tab and type ipblock1 or your own string as you like in Src. Address List input box.
Click on Action tab and choose masquerade from Action drop-down list and then click Apply and OK button.
Now click on Address List tab in Firewall window and click on add new button (PLUS Sign) to create a new list.
Choose ipblock1 or your provided string from Name drop-down list and type the IP address on which you want to allow internet in Address input box and then click Apply and OK button.
Do step 4 every time you want to allow an IP to access internet through your router
After you have this configured this successfully, you will see that IP addresses which are listed in Address List panel which can access internet through your MikroTik router.
Every other IP addresses of your network block cannot access internet through your router although these IP address are obtained by IP devices from your MikroTik DHCP server.
You have to follow the above steps carefully otherwise you cannot apply single IP NAT strategy in your MikroTik router.
If you face any difficulty while doing the above  about Single IP NAT Strategy in MikroTik Router feel free to use the comment box
The logical tricks named Single IP NAT Strategy is simply to prevent unauthorized internet access into your network, and here I  have explained it step by step in this article.
However, if you face any problem to apply single IP NAT strategy in your MikroTik router, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.


Leave a Reply

Your email address will not be published. Required fields are marked *