So, 216.168.46.0/24 is masqueraded and 209.90.234.1/28 is NOT masqueraded by the rule with "src-address=10.0.1.0/24"? Isn't that a kind of magic?..
Have you tried the rules from my first answer? -- Подпись: (добавляется в конце всех исходящих писем) 2015-07-04 4:44 GMT+03:00 D. Ryan Spott <[email protected]>: > That is correct. It is disabled. When this is enabled then > 216.168.46.0/24 and 10.0.1.0/24 are BOTH masqueraded via 209.90.234.1. > > The behavior I want is: > 10.0.1.0/24 to masquerade via 209.90.234.1. > 216.168.46.0/24 to simply route as usual. > > ryan > > > On 7/3/15 6:34 PM, Chupaka wrote: > >> "disabled=yes" huh?.. >> 4 Июл 2015 г. 2:04 пользователь "D. Ryan Spott" <[email protected]> >> написал: >> >>> This might help: >>> >>> A diagram >>> >>> >>> >>> The export of the config: >>> >>> ... >>> >>> /interface bridge port >>> add bridge=LAN interface=ether2 >>> add bridge=LAN interface=ether3 >>> add bridge=LAN interface=ether4 >>> add bridge=WAN interface=ether1 >>> >>> /ip address >>> add address=209.90.234.1/28 interface=WAN network=209.90.234.0 >>> add address=216.168.46.1/28 interface=LAN network=216.168.46.0 >>> add address=10.0.1.1/28 interface=LAN network=10.0.1.0 >>> >>> ... >>> >>> /ip firewall nat >>> add action=masquerade chain=srcnat disabled=yes out-interface=WAN \ >>> src-address=10.0.1.0/24 >>> /ip route >>> >>> No DHCP server, no hotspot, no crazy firewall filters. >>> >>> >>> ryan >>> >>> On 7/3/15 2:05 PM, Scott Lambert wrote: >>> >>>> That rule is not natting your 216.168.46.0/24 <http://216.168.46.0/24> >>>> >>> traffic, barring a major bug in RouterOS. Something else may be, but not >> that rule as shown here. >> >>> >>>> "/ip firewall nat export" and show the command you typed all the way >>>> >>> through the next command prompt. >> >>> Also let us know your RouterOS version. >>>> >>>> On July 3, 2015 11:49:33 AM CDT, "D. Ryan Spott" <[email protected]> >>>> >>> wrote: >> >>> I have the following network: >>>> >>>> <internet>-<router>-<ISP Network> >>>> >>>> The router has a WAN IP of 209.90.234.1/28 >>>> The router has a LAN IP of 216.168.46.0/24 >>>> The router has a LAN IP of 10.0.1.0/24 >>>> >>>> When I enable this: >>>> /ip firewall nat >>>> add action=masquerade chain=srcnat out-interface=WAN >>>> src-address=10.0.1.0/24 >>>> >>>> The result is ALL of the LAN clients 10. and 216. are all >>>> masqueraded to 209.90.234.1. >>>> >>>> >>>> >>>> >>>> How can I limit the masquerade to the 10.0.1.0/24 network ONLY and >>>> let the 216.168.46.0 addresses do the normal internet routing >>>> thing? >>>> >>>> It is something obvious. Need more coffee.. or Scotch. >>>> >>>> >>>> ryan >>>> >>>> -- D. Ryan Spott | NGC457, llc >>>> broadband | telco | colo | communities >>>> PO Box 1734 Sultan, WA 98294 >>>> 425-939-0047 >>>> >>>> >>>> >> ------------------------------------------------------------------------ >> >>> Mikrotik-users mailing list >>>> [email protected] >>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>> >>>> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. >>>> >>> -- >>> D. Ryan Spott | NGC457, llc >>> broadband | telco | colo | communities >>> PO Box 1734 Sultan, WA 98294 >>> 425-939-0047 >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: < >>> >> >> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.html >> >>> -------------- next part -------------- >>> A non-text attachment was scrubbed... >>> Name: iccdibgf.png >>> Type: image/png >>> Size: 78948 bytes >>> Desc: not available >>> URL: < >>> >> >> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.png >> >>> >>> _______________________________________________ >>> Mikrotik mailing list >>> [email protected] >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> >> RouterOS >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: < >> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/6b03656e/attachment.html >> > >> _______________________________________________ >> Mikrotik mailing list >> [email protected] >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > > > -- > D. Ryan Spott | NGC457, llc > broadband | telco | colo | communities > PO Box 1734 Sultan, WA 98294 > 425-939-0047 > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/41ab7b99/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
