I am in the process of renumbering an entire organization. I have 3 Mikrotiks
172.16.8.0/22 LAN A
172.16.24.0/22 LAN B
172.16.32.0/22 LAN C

They talk among each other by small subnets such as 172.16.1.0/30.
There is a firewall at Location A. The first Mikrotik there communicates with it from 172.16.1.2/30 (mikrotik side) to 172.16.1.1/16(firewall side). The firewall, of course, NATs and goes to the internet. LAN A is currently on 192.168.20.0/24.
I need to renumber at B and C, but put the Mikrotik in operation in A temporarily using the 192.168.20.0/24 as LAN A on the MT at location A. The firewall does NATting and doesn't like this. The firewall address has a /16 so that it see the whole 172.16 as LAN. This works great on B and C in the lab. However I can get 192.168.20.0/24 to reach the internet.

I imagined I need to double NAT for that subnet. I tried the following on MT at location A:
NAT

srcnat
action: masquerade
out interface (ether1--the interface that connects to the firewall)
src address: 192.168.20.0/24

This did NOT work.

Can someone please tell me the proper way to do this. I want anything coming in on Ether2 (from 192.168.20.0/24) to be NATted to the 172.16.x on the Ether1 so that when it reached the firewall and that is NATted, it shouldn't object.

TIA

I have gotten this part working now. By nating srcroute–all IP’s
I SHOULD only have to do so for the 192. subnet

Can someone tell me how to limit that NAT thing going to/fro ether1, but coming from ether2 only?

First mark the packets coming in from ether2 only:

/ip firewall mangle
add chain=prerouting in-interface=ether2 action=mark-packet new-packet-mark=from-ether2

Then NAT those packets out ether1:

/ip firewall nat
add chain=srcnat out-interface=ether2 packet-mark=from-ether2 action=masquerade

I thought mangle might be the ticket, but am glad to have the suspicion confirmed.