Configuring NAT over "loopback" problem.

Hello,

Here is the scheme I want to work.

There is an ISP router with a private p2p connection to the client router. On the client side an RB951-2n is used. The ISP is providing one public address that I plan to use for internet access via NAT of the LAN.

I’ve configured a bridge without assigning a physical port to act like a loopback interface with the 213.x.x.2/32 public address. On WAN and LAN I’ve configured 10.20.30.2/30 and 192.168.88.0/24 respectively. The default gateway is 10.20.30.1. My goal is to NAT the LAN network with the loopback address and get an internet connection.


I tried to configure the following NAT rule. Chain - srcnat, Out Interface - loopback0. I suppose that packets from LAN will be NATed and go to the default gateway with the loopback0 address. But this is not working and I can’t figure out where I am wrong.
Please help.

Packets will go towards default gateway, so your out interface is WAN. And you need to be doing srcnat with your 213.x.x.2 (not simple masquerade).

Thank you for the info.

I did change the action from masquerade to src-nat to address 213.x.x.2 and the out interface to ether1-gateway (WAN). But still no internet connection. Am I doing it right?

/ip firewall nat add chain=srcnat out-interface=ether1-gateway action=src-nat to-addresses=213.x.x.2

Thank you for the info. I thought that masquerade and srcnat are the same thing. :slight_smile:

Awesome drawing!

I think you made a little mistake there though: you have 192.168.88.1/30, I think that should be /24.

Also, about your problem. What did you set your DHCP server to provide your clients as a gateway? Your clients should use 192.168.88.1 as their gateway, not an address in 10.20.30.x, since that is the router’s job.

I also don’t really understand your “Local Loopback” setup. If I’m guessing correctly you received 2 IP addresses on your WAN? One is the provider’s internal network, the other is your “The Internet” IP?

If so, that means that your provider is routing your traffic to you on the 213.xxx.xxx.xxx IP over a transport network which is 10.20.30.xxx. If so, you should configure both IPs on the WAN interface and point them to the same gateway (10.20.30.1). Then your router knows it should accept traffic for that IP and your provider’s router knows where the traffic for your 213.xxx.xxx.xxx IP goes, and it should start to work.

Let us know if it worked!

Similar, but not the same. Masquerade selects the address automatically from the outgoing interface, which works great when the right address is the only one assigned to that interface. In other cases you need src-nat and tell it specifically which address it should use.

The basic working config in your case should look like this:
/interface bridge
add name=Loopback0
/ip address
add address=192.168.88.1/24 interface=LAN
add address=10.20.30.2/30 interface=WAN
add address=213.x.x.2/32 interface=Loopback0
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=10.20.30.1
/ip firewall nat
add action=src-nat chain=srcnat out-interface=WAN to-addresses=213.x.x.2

Add some logging to see how it works:

/ip firewall mangle
add chain=postrouting out-interface=WAN connection-state=new action=log

Alternatively, putting 213.x.x.2 on WAN (and leaving out loopback), as suggested by Quindor, is possible too.
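As an added example (not from anyone in this thread), the two NAT variants contrasted above written out side by side in RouterOS script form, using the interface names from the config just given; the src-nat rule additionally restricts translation to the LAN subnet, and the connection-table check at the end assumes the RouterOS v6 field name reply-dst-address.

```routeros
# Added example, not from the thread. Interface names follow the config above.
# 1) Masquerade picks the source address from the outgoing interface, so on WAN
#    it would translate to 10.20.30.2, the private transport address the ISP
#    does not route to the Internet. Kept disabled here only for comparison.
/ip firewall nat
add chain=srcnat out-interface=WAN action=masquerade disabled=yes \
    comment="masquerade: would use 10.20.30.2, wrong for this setup"

# 2) Explicit src-nat: translate only LAN traffic leaving WAN to the public /32
#    held on the Loopback0 bridge, whatever address WAN itself carries.
add chain=srcnat src-address=192.168.88.0/24 out-interface=WAN \
    action=src-nat to-addresses=213.x.x.2 \
    comment="src-nat LAN to public /32"

# 3) Checks: rule hit counters, then live connections whose reply destination
#    is the public address, i.e. translation is actually taking effect.
/ip firewall nat print stats
/ip firewall connection print where reply-dst-address~"213.x.x.2"
```

If the counters on the src-nat rule stay at zero while LAN hosts are browsing, the packets are leaving on a different interface than WAN or are not arriving from 192.168.88.0/24 at all.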

Hello Sob and Quindor, I am very grateful for your help. Both solutions for the problem work.

Quindor, all the credit for the drawing belongs to MS Visio :slight_smile:
Indeed there is a mistake in the network prefix. And you are right, the ISP is using 10.20.30.x/30 as a transport network and 213.x.x.2/32 is for internet access.

Sob, wow, that config was super helpful. Thank you. :smiley: