anesth
just joined
Topic Author
Posts: 9
Joined: Wed Nov 21, 2012 1:12 am

NAT bug?

Fri Jul 12, 2013 7:22 pm

Hi. I'm using ROS 6.1 on an RB450G in a failover multi-WAN configuration, where NAT for the primary channel is performed outside of the MT device and NAT for the spare channel works with
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=wan2
The wan2 interface also terminates a road-warrior IPsec setup and SSTP tunnels. Some time after upgrading from 5.24 to 6.1 I noticed that the spare channel doesn't work for the LAN, while ping from the device itself through that channel works fine. I investigated the issue and discovered that the MikroTik device does NAT, but when responses from the remote IP arrive at the MikroTik device I see them in the input firewall chain:
19:02:20 firewall,info input: in:wan2 out:(none), src-mac 00:00:2e:d0:11:48, proto ICMP (type 0, code 0), 8.8.8.8->WAN2_IP, len 84 
19:02:21 firewall,info input: in:wan2 out:(none), src-mac 00:00:2e:d0:11:48, proto ICMP (type 0, code 0), 8.8.8.8->WAN2_IP, len 84 
19:02:22 firewall,info input: in:wan2 out:(none), src-mac 00:00:2e:d0:11:48, proto ICMP (type 0, code 0), 8.8.8.8->WAN2_IP, len 84
I tried cleaning the firewall rules, keeping only the masquerade rule for wan2, but without luck.
Can somebody help me resolve this issue?

Thanks
 
manuelritter
newbie
Posts: 41
Joined: Wed Sep 16, 2009 4:10 pm

Re: NAT bug?

Wed Jul 17, 2013 10:22 am

Similar issue here, I think.

I have an issue where the CCR1036 with ROS 6.1 is NATing incoming IPsec connections to the in-interface IP:
09:18:16 firewall,info VPN forward: in:ether6 out:Ring, src-mac 00:26:0b:28:77:c0, proto 50, IPSEC_SRC->IPSEC_DST, NAT (IPSEC_SRC->ETHER6_PUBLIC_IP)->IPSEC_DST, len 112 
I disabled every rule in the firewall but nothing changed. The only thing that works is to disable conntrack, but I can't disable conntrack since I need NAT and MANGLE.

Are there any solutions or suggestions?

Best regards
Manuel Ritter
 
alberth
just joined
Posts: 1
Joined: Wed Jul 17, 2013 10:50 am

Re: NAT bug?

Wed Jul 17, 2013 10:56 am

I've also got an issue with NAT (RouterOS 6.1):
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=\
    192.168.111.0/24
add action=masquerade chain=srcnat out-interface=WAN src-address=\
    192.168.113.0/24
add action=masquerade chain=srcnat out-interface=WAN src-address=\
    192.168.112.0/24
I've created 3 VLANs with 3 NAT rules. When I disable and enable the NAT rules, it sometimes works, but often 1 or 2 VLANs don't have NAT anymore.
After several disable/enable cycles it works again...
