NAT Network setup with DSL modem and Mikrotik router I have littel experience in this kind of setups, so please bear with me. I think the question is kind of basic. I have to install a router in a LAN since I'll have to have it mandle a VPN tonnel later. In short I have to go from this: < PUBLIC IP > **[DSL Modem]** <192.168.1.1> ------ <192.168.1.0> **[A BUNCH OF SERVERS]** to this: < PUBLIC IP > **[DSL Modem]** <192.168.0.1> --- <192.168.0.2> **[Mikrotik Routerboard]** <192.168.1.1> --- <192.168.1.0> **[A BUNCH OF SERVERS]** I NATted the services I need to forward to the servers using the DSL modem interface (mail, rdp, ssh, etc). Now with the new setup I'm really confused on how should I procede. Is it sensible to have 2 NAT "hops"? DSL modem forwarding all services requests from the WAN to 192.168.0.2 (again by using the NAT interface) and then forwarding them again to the server (from the router)? Does NAT work this way? Is there another smarter way to solve this?

Don't know what DSL modem you're using, but you're probably better to make that DSL modem work in bridge mode and have your MikroTik router working as a normal WAN router facing WAN and LAN sides. That way you'll have no issues with VPN, be able to forward traffic as you like and set up a good firewall. This is very typical and good setup. And this is how I'd do it.

If you haven't got enough control over your DSL modem, then sure, you can do chained NAT, forward everything to MT router or, as Benoit suggested, set up a DMZ feature. That way you'll still be able to bring the VPN tunnel up, but only as a client.