Which command creates a NAT rule to allow internal clients to reach the Internet using MASQUERADE?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the MTCNA Foundation Exam. Prepare with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your certification!

Multiple Choice

Which command creates a NAT rule to allow internal clients to reach the Internet using MASQUERADE?

Explanation:
To let internal hosts reach the Internet, you need a source NAT rule that rewrites the local network addresses to the router’s public IP as traffic leaves toward the Internet. In RouterOS, this is done with a srcnat rule using masquerade. The appropriate command is: /ip firewall nat add chain=srcnat out-interface=wan action=masquerade. This targets outbound traffic going through the WAN interface and dynamically translates the source address to the WAN IP, which is ideal when the public IP can change (as with DHCP or PPPoE). The other options don’t achieve this: using dstnat is for forwarding inbound traffic to internal hosts, not for outbound address translation; targeting in-interface=wan would affect traffic entering from the WAN, which isn’t the direction needed for Internet access; and an accept action would simply permit traffic without performing NAT, so internal addresses wouldn’t be translated and Internet access wouldn’t work.

To let internal hosts reach the Internet, you need a source NAT rule that rewrites the local network addresses to the router’s public IP as traffic leaves toward the Internet. In RouterOS, this is done with a srcnat rule using masquerade. The appropriate command is: /ip firewall nat add chain=srcnat out-interface=wan action=masquerade. This targets outbound traffic going through the WAN interface and dynamically translates the source address to the WAN IP, which is ideal when the public IP can change (as with DHCP or PPPoE).

The other options don’t achieve this: using dstnat is for forwarding inbound traffic to internal hosts, not for outbound address translation; targeting in-interface=wan would affect traffic entering from the WAN, which isn’t the direction needed for Internet access; and an accept action would simply permit traffic without performing NAT, so internal addresses wouldn’t be translated and Internet access wouldn’t work.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy