I have a NAT rule to masquerade anything from my internal network to the outside IP, but I have a network on the outside of my MikroTik which I do not want connections from the internal network to be NAT'd to, just routed. Any ideas? I am guessing it would be a dst-nat rule with the dst-address as the network on the outside I wish to access, but I can't figure out which action to use.
You should be able to use 'return' to dump them out of the NAT chain.
I tried that before but was doing dst-nat, not src-nat. Once I switched to src-nat it worked!
Working NAT rules:
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat dst-address=10.42.88.0/22 protocol=tcp action=return
1 chain=srcnat dst-address=65.175.13.0/24 protocol=tcp action=return
2 ;;; masquerade hotspot network
chain=srcnat src-address=10.42.84.0/23 action=masquerade
Thanks!!!
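A tidier way to write the same exemption, as an added example rather than the poster's own configuration. The rules printed above match only protocol=tcp, so UDP and ICMP traffic to 10.42.88.0/22 and 65.175.13.0/24 is still masqueraded; the version below exempts every protocol, keeps the exempt networks in an address list so they can be extended without touching the NAT rules, and uses action=accept, which in a built-in chain ends NAT processing for the packet just as action=return does. The address ranges are the ones from the thread; the list name no-nat is an assumption.

```routeros
# Added example, not the poster's config. Assumes 10.42.84.0/23 is the
# hotspot LAN and that 10.42.88.0/22 and 65.175.13.0/24 are the networks
# on the outside that must be routed without NAT. The list name "no-nat"
# is arbitrary.
/ip firewall address-list
add list=no-nat address=10.42.88.0/22 comment="routed, not NATed"
add list=no-nat address=65.175.13.0/24 comment="routed, not NATed"

/ip firewall nat
# Must be placed ABOVE the masquerade rule: the first matching rule wins.
# No protocol matcher, so TCP, UDP and ICMP are all exempted.
add chain=srcnat src-address=10.42.84.0/23 dst-address-list=no-nat \
    action=accept comment="do not masquerade traffic to directly routed networks"
# Everything else leaving the hotspot network is masqueraded as before.
add chain=srcnat src-address=10.42.84.0/23 action=masquerade \
    comment="masquerade hotspot network"
```

To confirm the order is right, generate some traffic from the LAN to one of the exempt networks and run /ip firewall nat print stats: the accept rule's packet counter should increase while the masquerade rule's counter stays flat for that traffic. The hosts in 10.42.88.0/22 and 65.175.13.0/24 must of course have a route back to 10.42.84.0/23, since the packets now arrive with their original source addresses.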
This works, but CPU load does not decrease, so it seems that connection tracking is still active for these connections.
Is there a way to avoid this? I need that because the connection is maxing out at 100 Mbps now, but according to MikroTik performance tests the RB750G* should be capable of routing >100 Mbps.
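Connection tracking cannot simply be switched off while masquerade is in use, because masquerade depends on it. What can be done is to keep the directly routed traffic out of the tracker altogether. The following is an added example, not something from the thread, and it assumes RouterOS 6.36 or newer, the version that introduced the raw table and the notrack action; a router on older firmware has no /ip firewall raw menu and cannot use this approach. The address ranges are the ones from the thread and the list name no-nat is an assumption.

```routeros
# Added example, not the poster's config. Requires RouterOS >= 6.36
# (introduced /ip firewall raw). Same address ranges as the thread:
# 10.42.84.0/23 is the hotspot LAN, 10.42.88.0/22 and 65.175.13.0/24 are
# the networks that are routed without NAT. "no-nat" is an arbitrary name.
/ip firewall address-list
add list=no-nat address=10.42.88.0/22
add list=no-nat address=65.175.13.0/24

/ip firewall raw
# The raw prerouting chain runs before connection tracking. action=notrack
# tells the tracker to ignore the packet, so no conntrack entry is created
# and no state is consulted for it. Both directions are needed: without the
# second rule the replies from the outside networks would still be tracked.
add chain=prerouting src-address=10.42.84.0/23 dst-address-list=no-nat \
    action=notrack comment="no conntrack for directly routed traffic (LAN -> outside)"
add chain=prerouting src-address-list=no-nat dst-address=10.42.84.0/23 \
    action=notrack comment="no conntrack for directly routed traffic (outside -> LAN)"
```

Two caveats before relying on this. Untracked packets never reach the NAT tables, so the srcnat exemption rules become redundant for this traffic, but they also never match connection-state=established, related, new or invalid in /ip firewall filter; any filter rule that relies on those states (a drop of invalid, an allow of established and related) must be reviewed, and the traffic matched instead with connection-state=untracked or with plain address matchers. Secondly, check the effect with /ip firewall connection print: after the rules are in place no entries should appear for flows between 10.42.84.0/23 and the exempt networks, while the rest of the masqueraded traffic is still tracked as before.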