Hello. I am running masquerade on version 3.2. I need to assign a different source address to departing packets from a specific inside PC. I have assigned a second public IP address to the outside interface, but I cannot figure out how to assign this this additional IP address to packets from the specific inside PC? Can someone point me in the right direction? Thanks.
use src-nat instead of masquerade
I figured this would be it but it errors at the final to-addresses.
ip firewall nat add chain=srcnat src-address=192.168.1.31 to-address=161.7.yy.yy
action=src-nat to-addresses=216.14.xx.xx
Do you see something wrong with it?
to-address=161.7.yy.yy - ???
maybe, dst-address= ?
The line that gets accepted is
ip firewall nat add chain=srcnat src-address=192.168.1.31 dst-address=161.7.yy.yy
action=src-nat to-address=216.14.xx.xx
but I’m still blocked at the remote server. I have verified that a packet with the right source address gets in. I have tried with the 216.14.xx.xx address assigned at the interface, and not.
Any other thoughts? Thanks.
did you verify that your rule counts packets? if you remove your ‘dst-address’ parameter, can you still browse the Internet? what is shown on http://get-myip.com ? did you place your dst-nat rule above your masquerade rule?
Youdaman Chupaka. I didn’t realize the order of the rules was relevant.
Thanks.