Hy,
being reading forum in search for answer and nothing to find. Can I turn off NAT after setup Hotspot? What are consequences? I wan to get clients form different subnets (10.44.128.0/27, 10.44.128.32/27, 10.44.128.64/27) to see each other (ping, netbios). Now there is NAT and have to port forward to connect some clients.
Thnx.
The hotspot does not require the 1:1 NAT. You can disable the hotspot 1:1 nat by setting the the “address-pool=none” in “/ip hotspot”.
The result will be that non-localnet ips will not be translated to localnet ips. If your clients are connected to your network all the time, you probably will not notice it is disabled.
If it doesn’t work the way you expect, you can set the address-pool to the original value.
Thnx on fast reply. Just few questions that is mistery to me 
So, to turn off 1:1 NAT I have to remove address-pool from ‘/ip hotspot’ not ‘/ip hotspot user profile’ ?
I noticed masqurade in ‘/ip firewall nat’ that is commented as hotspot network, is this have to be enabled?
Only the address-pool in “/ip hotspot” needs to be changed to disable the nat.
Check “/ip hotspot host” to check all is ok.
I do not masquerade the hotspot. I use one masquerade on the WAN interface that applies to all interfaces, not just the hotspot. If you have questions about that, please post “/ip firewall nat”.
Confusion is when you wizard hotspot setup there is checkbox “masqurade”. That masqurade is applied to interface (in my case bridge) with hotspot. I don won’t that masqurade so i will disable it?
This is post
[admin@MT - Gaijne] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 X ;;; masquerade hotspot network
chain=srcnat action=masquerade out-interface=bridge1
I implemented your sugestion so it looks that is working. Now i can ping someone on 2nd or 3rd AP.
I use the CLI, so I get this when running the setup:
masquerade network: yes
I change that to this:
masquerade network: no
Then I enter my own masquerade or srcnat.
It appears you have changed the masquerade to the correct setting. The hotspot uses “src-address=” rather than “out-interface=”. The out-interface is correct.