Community discussions

MikroTik App
 
SapieH
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Wed May 13, 2009 9:44 pm

How do I bypass the masqurade rule

Thu Oct 15, 2009 11:48 pm

I need to bypass the masqurade rule on my router pc for all trafic to the voip server on IP 192.168.108.2
This critical as the voip server must see the IP of every incoming connection and not all of them coming from the router pc.
Any ideas???
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 3:02 am

/ip firewall nat add dst-address=192.168.108.2 action=accept place-before=0 disabled=no
p.s. so, why do you need masquerading at all?..
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 9:10 am

i cant seem to get anything to work only if i use masquerade rule

but it could be confingeration i think

but not shore
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 2:02 pm

so either you solve your problem by yourself, or you post here your network configuration, and we'll try to help you :)
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 3:04 pm

well i have everything in bridge mode

and im trying to get my backbone to work on ospf

but in not comming right


i have this

x86(mikrotik)--------433ah-wireless---------rb600-433ah-433ah

and all other towers connect wirelessly to Rb600-433ah-433ah

but also have clients connection to 433ah

so were do i start do i put a static ip address too all interfaces or leave them all black and set up ospf


???

that will get me started to what im looking for my network as bridge mode sux
 
SapieH
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Wed May 13, 2009 9:44 pm

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 3:25 pm

I need to masqurade my network as I have private IP ranges internally and the internet only sees my public IP
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 5:06 pm

I need to masqurade my network as I have private IP ranges internally and the internet only sees my public IP
but 192.168.108.2 is not the Internet, so if you are masquerading all requests to 192.168.108.2 - it's just a misconfiguration, nothing else. what's your config?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 5:10 pm

xezen, you do need ip address on every interface. after that, you can setup ospf to dynamically distribute all routes in your network
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 10:39 pm

but 1 question first

i have 433ah with 3 wireless cards

can i go ether 1 10.0.0.1/32
ether2 10.0.0.2/32
ether3 10.0.0.3/32

etc

or whats the best whay to control ip address for the ospf

in regards to eth1,2,3
and wlan 1,2,3
on the same routerboard?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Fri Oct 16, 2009 11:46 pm

you only need /32 address as loopback address for OSPF (as Maris said on MUM-CZ... I still can't understand why do we need it :( )

anyway, you need correct IP networks on your interfaces (for example, /24 - but not /32)
 
xezen
Long time Member
Long time Member
Posts: 628
Joined: Fri May 30, 2008 10:23 am
Location: South Africa

Re: How do I bypass the masqurade rule

Sat Oct 17, 2009 9:51 am

so i can have ip address like like 10.0.0.1/24 on ether1

and 10.0.0.2/24 on ether 2


or must i have them as ether 1 10.0.0.1/24
and ether 2 10.0.1.1/24

as what i understand i cant have the same ip addess range on the same interface only if i bridge is this correct?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Sat Oct 17, 2009 4:29 pm

yes, you should setup different subnets on different interfaces
 
SapieH
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Wed May 13, 2009 9:44 pm

Re: How do I bypass the masqurade rule

Sun Oct 18, 2009 8:53 pm

I have a router pc with 9 ether ports.
ether 1 - 192.168.102.1 - from rb600 with back bone links
ether 2 - 192.168.101.1 - from rb433 public hotspot
ether 3 - 192.168.103.1 - from internet
ether 4 - 192.168.104.1 - pc
ether 5 - 192.168.105.1 - from radius manager
ether 6 - 192.168.106.1 - from rb433 ap
ether 7 - 192.168.107.1 - from internet
ether 8 - 192.168.108.1 - to voip server. This is used by our subscriber of our internal nertwork only. Never from th internet
ether 9 - not used

Only ether 3 and 7 need to be masquraded.
0 chain=srcnat action=accept dst-address=192.168.108.2

1 chain=srcnat action=masquerade

2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
connection-mark=http-conn

3 chain=dstnat action=dst-nat to-addresses=196.43.2.142 protocol=tcp
dst-port=25

Is there any way of only aplying the masqurade rule to ether 3 & 7 only ??
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Sun Oct 18, 2009 10:00 pm

add 'in-interface' parameter to your rules
 
SapieH
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Wed May 13, 2009 9:44 pm

Re: How do I bypass the masqurade rule

Sun Oct 18, 2009 10:30 pm

on which rule ??
Have tried it on the genral maqurade rule but it does not accept
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Sun Oct 18, 2009 10:46 pm

does not accep _what_?..
 
dipdip
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Jan 30, 2006 12:28 pm

Re: How do I bypass the masqurade rule

Tue Jan 31, 2012 5:40 pm

i got the same request.

we got a tower with clients connection to it via pppoe (10.0.1.0/24 range) and got a TV server on the same tower (192.168.1.10)

Its all on a 433AH board - eth 1 192.168.1.1 with the pppoe server on wlan1

I want the TV server to see every client IP (10.0.1.0/24) and not the IP of eth1 of the MT as is now the case if I use masquarade.

how can i do this?

chu..you code doesnt have a chain in it.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How do I bypass the masqurade rule

Tue Jan 31, 2012 6:10 pm

/ip fi nat add chain=srcnat dst-address=192.168.1.10 action=accept place-before=0
?..
 
dipdip
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Jan 30, 2006 12:28 pm

Re: How do I bypass the masqurade rule

Mon Feb 06, 2012 5:15 pm

and then i just add a route to the client on the ip server and a masquareade rule on the main link to the internet?

thx ill try it and let you know.
 
dipdip
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Mon Jan 30, 2006 12:28 pm

Re: How do I bypass the masqurade rule

Fri Feb 17, 2012 3:22 pm

thx!! it works great

Who is online

Users browsing this forum: No registered users and 15 guests