{"id":918,"date":"2013-08-07T10:14:51","date_gmt":"2013-08-07T08:14:51","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=918"},"modified":"2013-08-07T10:14:51","modified_gmt":"2013-08-07T08:14:51","slug":"policy-based-routing-cisco-y-mikrotik-tunnel-ipip-y-nat-3","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=918","title":{"rendered":"Policy Based Routing Cisco y Mikrotik, tunnel IPIP y NAT (3)"},"content":{"rendered":"<p>Ahora, vamos a NATear las ip&#8217;s de nuestro proveedor a las m\u00e1quinas de la red local.<br \/>\nQuiero que mi servidor Debian, con la 192.168.2.1, tenga como ip p\u00fablica la 1.1.1.4. Para ello, usaremos 2 reglas en nuestra mikrotik; una src-nat y otra dst-nat, usando como interface p\u00fablico el tunnel PPTP:<br \/>\n<code><br \/>\n\/ip firewall nat<br \/>\nadd action=src-nat chain=srcnat disabled=no out-interface=pptp_provider<br \/>\n    src-address=192.168.2.1 to-addresses=1.1.1.4<br \/>\nadd action=dst-nat chain=dstnat disabled=no dst-address=1.1.1.4<br \/>\n    in-interface=pptp_provider to-addresses=192.168.2.1<br \/>\nadd action=masquerade chain=srcnat disabled=no out-interface=pptp_provider<br \/>\nadd action=masquerade chain=srcnat disabled=no out-interface=outside<br \/>\n<\/code><br \/>\nY recordamos que tenemos que tener una entrada de masquerade para el tunnel pptp y que estas reglas deben de estar antes.<br \/>\nLa primera es para indicar que los paquetes entrantes desde internet, que vengan por el tunnel pptp (de entrada), a la ip p\u00fablica 1.1.1.4, lo traduzca a la 192.168.2.1 de nuestra red.<br \/>\nLa segunda regla, es para indicar que, la salida de nuestra m\u00e1quina 192.168.2.1, la NATee directamente a la 1.1.1.4, por el interface pptp_provider.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ahora, vamos a NATear las ip&#8217;s de nuestro proveedor a las m\u00e1quinas de la red local. Quiero que mi servidor Debian, con la 192.168.2.1, tenga como ip p\u00fablica la 1.1.1.4. Para ello, usaremos 2 reglas en nuestra mikrotik; una src-nat y otra dst-nat, usando como interface p\u00fablico el tunnel PPTP: \/ip firewall nat add action=src-nat [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6,8],"tags":[41,67,107,119,178],"class_list":["post-918","post","type-post","status-publish","format-standard","hentry","category-cisco","category-mikrotik","category-varios","tag-cisco","tag-dst-nat","tag-mikrotik","tag-nat","tag-src-nat"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=918"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/918\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=918"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=918"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}