Hi,
i have for example 199.10.1.224/22 (not my public ip). I want to srcnat all customers using all public ips from the same ISP in the example. If doable.
Please no need for more setup explanations. The question is so simple. If anyone has an idea…I am all ears.
Best Regards.
No explanations (except that 199.10.1.224/22 is not a valid range of addresses so I use 199.10.224.0/22 instead).
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=199.10.224.1-192.10.227.254 out-interface=your-wan-interface-name
. ofcourse i gave as an example without checking if it is valid or not.
Thanks Sindy. I will check your solution.
Best Regards.
Hello Sindy,
are you sure, Mikrotik will use all public ip address range in a round-robin way?
Thanks.
I’m not, try it.
If it doesn’t, you can enforce it the following way:
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=199.10.224.9 nth=5,1 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.10 nth=5,2 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.11 nth=5,3 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.12 nth=5,4 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.13 nth=5,5 out-interface=your-wan-interface-name
This would be if you have a subnet ****
199.10.224.8/29
and the gateway is
199.10.224.14
.
maybe using the option
same
on action of NAT rule
action=same
does the reverse, it attempts to assign the same IP address from the pool to all requests coming from the same internal address. But this happened even with normal
action=src-nat
when I’ve tried a couple of weeks ago, so I didn’t really understand the purpose of
same
.
Hello,
same…does not help for this purpose.
I am affraid of asymmetric routing problem here.
Also will Mikrotik keep tracking all connections from both directions between each public ip and its own related (translated) internal ip.
Just quick questions came to my mind…
I will check for a few days to see the results.
The nth method is for load balancing…I have to check it also for this purpose here.
P.S. The easiest solution, will be to use a script that changes each hour for example the srcnatted public ip.
Thanks.
???
Also will Mikrotik keep tracking all connections from both directions between each public ip and its own related (translated) internal ip.
Yes, this works automatically, NAT is a property of connection tracking, so no worry here.
The nth method is for load balancing…I have to check it also for this purpose here.
That does not mean that it would not work here. The ****
nat
table is only passed by packets with
connection-state=new
. The only issue is that the way I’ve quickly put them they wouldn’t distribute the traffic among the addresses evenly because there is no
passthrough=yes
option in
nat
table, so you would have to order them, top to bottom,
nth=5,1
;
nth=4,1
;
nth=3,1
;
nth=2,1
; no
nth
matcher.
The easiest solution, will be to use a script that changes each hour for example the srcnatted public ip.
It would work but I cannot see the sense if you would rotate the addresses that slowly. Normally you use several src-nat addresses to have a larger pool of ephemeral TCP ports. Plus you’d brush the disk 
If you have enough addresses to assign to all customers then the cleanest solution would be to set up a pppoe server. Then each customer will have their own ip and if you use a radius server you will have good stats/accounting
Forget about this statement, it is not related to the main goal of this thread.
Best Regards