Re: [Mikrotik] [Mikrotik Users] Selective NAT

Fri, 03 Jul 2015 16:05:27 -0700 

This might help:

A diagram



The export of the config:

...

/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=WAN interface=ether1

/ip address
add address=209.90.234.1/28 interface=WAN network=209.90.234.0
add address=216.168.46.1/28 interface=LAN network=216.168.46.0
add address=10.0.1.1/28 interface=LAN network=10.0.1.0

...

/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=WAN \
    src-address=10.0.1.0/24
/ip route

No DHCP server, no hotspot, no crazy firewall filters.


ryan

On 7/3/15 2:05 PM, Scott Lambert wrote:
That rule is not natting your 216.168.46.0/24 <http://216.168.46.0/24> traffic, barring a major bug in RouterOS. Something else may be, but not that rule as shown here.
"/ip firewall nat export" and show the command you typed all the way through the next command prompt. 

Also let us know your RouterOS version.
On July 3, 2015 11:49:33 AM CDT, "D. Ryan Spott" <[email protected]> wrote: 

    I have the following network:

    <internet>-<router>-<ISP Network>

    The router has a WAN IP of 209.90.234.1/28
    The router has a LAN IP of 216.168.46.0/24
    The router has a LAN IP of 10.0.1.0/24

    When I enable this:
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=WAN
    src-address=10.0.1.0/24

    The result is ALL of the LAN clients 10. and 216. are all
    masqueraded to 209.90.234.1.




    How can I limit the masquerade to the 10.0.1.0/24 network ONLY and
    let the 216.168.46.0 addresses do the normal internet routing thing?

    It is something obvious. Need more coffee.. or Scotch.


    ryan
-- D. Ryan Spott | NGC457, llc 
    broadband | telco | colo | communities
    PO Box 1734 Sultan, WA 98294
    425-939-0047

    ------------------------------------------------------------------------

    Mikrotik-users mailing list
    [email protected]
    http://lists.wispa.org/mailman/listinfo/mikrotik-users
-- Sent from my Android device with K-9 Mail. Please excuse my brevity. 
--
D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iccdibgf.png
Type: image/png
Size: 78948 bytes
Desc: not available
URL: 
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.png>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

Reply via email to