Which NAT rule enables internet access for a LAN behind MikroTik using the device's WAN interface?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the MTCNA Foundation Exam. Prepare with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your certification!

Multiple Choice

Which NAT rule enables internet access for a LAN behind MikroTik using the device's WAN interface?

Explanation:
The key idea is enabling outbound internet access through NAT that translates internal LAN addresses to the router’s public WAN IP. A source NAT rule (srcnat) that matches traffic going out of the WAN interface and uses masquerade will rewrite the source address of packets from LAN hosts to the WAN IP, so replies come back through the router. Masquerade is ideal here because it automatically uses the current WAN IP (handy with dynamic IPs from many ISPs) and allows multiple LAN devices to share a single public address. So the correct rule is a source NAT on the outgoing WAN path with masquerade. The other options don’t fit: NAT on the inbound side (in-interface=WAN) would affect traffic coming from the Internet, not LAN to Internet; a destination NAT rule (dstnat) handles port forwarding or redirecting inbound connections, not general Internet access; NAT on the LAN as the out-interface would try to NAT traffic leaving via the LAN, which isn’t how traffic to the Internet exits the router.

The key idea is enabling outbound internet access through NAT that translates internal LAN addresses to the router’s public WAN IP. A source NAT rule (srcnat) that matches traffic going out of the WAN interface and uses masquerade will rewrite the source address of packets from LAN hosts to the WAN IP, so replies come back through the router. Masquerade is ideal here because it automatically uses the current WAN IP (handy with dynamic IPs from many ISPs) and allows multiple LAN devices to share a single public address.

So the correct rule is a source NAT on the outgoing WAN path with masquerade. The other options don’t fit: NAT on the inbound side (in-interface=WAN) would affect traffic coming from the Internet, not LAN to Internet; a destination NAT rule (dstnat) handles port forwarding or redirecting inbound connections, not general Internet access; NAT on the LAN as the out-interface would try to NAT traffic leaving via the LAN, which isn’t how traffic to the Internet exits the router.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy