Yup, that's pretty close to what I'm saying. The new AP is on ether7,
and it's not part of a bridge.
The only chain I'm specifying is srcnat. The typical (almost generic)
NAT rule is like this:
add chain=srcnat action=masquerade out-interface=WAN
So I tried to add this:
add chain=srcnat action=masquerade in-interface=ether7
out-interface=ether1
That gave me the error.
Looks like the following will work?
add chain=srcnat action=masquerade out-interface=ether1
src-address=10.10.107.20-10.10.107.99
bp
On 9/13/2011 1:42 PM, Josh Luthman wrote:
You could src-address=10.2.3.0/24 if that's what you're asking?
What ingoing interface did you try? Is it part of a bridge? Why are you
specifying the output chain???
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Tue, Sep 13, 2011 at 4:35 PM, Bill Prince<
[email protected]> wrote:
Hrrmmmm.
Setting up to do masquerade on just the interface this AP is on does not
work. It says "ingoing interface matching not possible in output and
postrouting chains".
So what do I do to just NAT for this group of subs? Is it possible to
match the source address from this subnet?
bp
On 9/9/2011 5:17 PM, Bill Prince wrote:
Well, the old AP is on ether2, and all the old SMs are there too and on
the /26 subnet.
The new AP is on ether7, and the new SMs will not talk to the old AP. So
they will have to go somewhere, and I don't have enough spare IP addresses
to just plunk down a new subnet on the new AP.
We're in the midst of getting a block of IPs from ARIN, and I don't think
I will get the addresses before the AP/SM switch happens.
Just doing a NAT for the new guys until the switch is over might make the
most sense...
bp
On 9/9/2011 4:21 PM, Scott Reed wrote:
You can not have 2 ports on the same device in the same subnet. It won't
know which to use.
But, with what you are saying, why can't you just split the /26 into 2
/27s and be done?
Here is maybe the thing that is getting you. If you split the /26 into 2
/27s and put them on separate interfaces on the router, the router is happy.
The clients can still have /27, PROVIDED their default gateway is the same
half the subnet they are in. The clients can not talk to each other because
they think they don't need to route. If the clients don't need to talk,
this should be fairly easy.
On 9/9/2011 6:45 PM, Bill Prince wrote:
My thinking was that all the lower addresses (1-30) will be in the /26,
and all the upper addresses (33-62) will be in the /27. Once they're moved,
then I can go back and switch all the lowers to a /27.
This will all be on the same router (RB493). The /26 is on ether 2, and
the /27 will be on ether 7. While I'm switching all the folks that need to
go over to the new AP (which is on ether 7), I will have ether 2 configured
as the master for ether 7 (the old AP is on ether 2).
Actually, now that I think about it, it should only take me about 15 or
20 minutes to make both /27 subnets and just switch everyone enmass...
bp
On 9/9/2011 3:13 PM, Scott Reed wrote:
Routing will be a problem.
How are you going to tell a router customer .1 is here, .5 is there,
etc.?
There are thousands of /26 networks available that are non-routing.
What about creating a new /26 out of 10.x.x.x and NAT it until you get
everyone moved?
On 9/9/2011 5:34 PM, Bill Prince wrote:
We put up a new AP on a POP where we already have 6 operating APs.
The plan is to split off about 25 existing subscribers on one of the old
APs and put them on this new AP.
So we have all the subs (about 50) in one /26 (x.y.x.0/26). The
ones we're going to move I need to put on a separate subnet, as everything
is different, but I don't have enough IPs in a completely different subnet
to just move them over at the moment.
Would there be an issue to create a new subnet (x.y.z.32/27), and move
all the ones we want on the new AP to this subnet? This would overlap with
the old subnet for the short time we're moving everyone.
Then after they're moved, I'll take the old x.y.z.0/26 and change it
to x.y.z.0/27.
______________________________**_________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
______________________________**_________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
______________________________**_________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL:<http://www.butchevans.com/pipermail/mikrotik/attachments/20110913/0d059420/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.butchevans.com/pipermail/mikrotik/attachments/20110913/68173e1b/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
