Dynamic NAT - Can this be done?

We have 1k customers but only 512 public IP addresses. We are not doing RADIUS auth, but all clients have a 172.29.xx.yy/30 block with their own gateway on MT.
All traffic runs over RB1000 as main gateway to our parent ISP.

Is there a way to make a script that detects an “active user” (something like the first byte of traffic) on the main gateway and then creates dynamic snat/dnat rules to give this user full access to the Internet?

Our setup is now only snat to src-address-range, but this means our users do not have full access to all Internet services (passive mode in Skype/MSN, torrents…).

We don't have enough IP addresses to do 1:1 NAT.

Any solution?

Can you route public IPs to the clients, and set a short DHCP lease time? Are there ever more than 512 clients on at once?

Probably not more than 512 clients, but this is not a good solution for me because we are running IP accounting…

The best solution is to do it with NAT, but I can figure it out how :)

One way is to statically NAT a group of users (2-3 users) per IP, and then DNAT a different port range for every IP, but I think this is not the best solution.

I’m looking for a solution for MikroTik to “detect traffic” and then create NAT rules… After the traffic stops, the rule can be erased.
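The static port-range idea from the post above, worked through as an added example (not code from the thread): each customer /30 gets a fixed public IP and port block, the matching RouterOS NAT commands are generated, and a reverse lookup maps a public IP and port back to the customer, which keeps IP accounting and abuse attribution possible. The function names, the documentation-range public pool and the choice of the second usable address as the customer host are assumptions.

```python
import ipaddress
from math import ceil

PORT_LO, PORT_HI = 1024, 65535  # well-known ports are left unmapped

def build_plan(customer_nets, public_ips):
    """Deterministically assign each customer /30 a public IP and a port block."""
    per_ip = ceil(len(customer_nets) / len(public_ips))   # users sharing one IP
    block = (PORT_HI - PORT_LO + 1) // per_ip              # ports per user
    plan = []
    for i, net in enumerate(customer_nets):
        lo = PORT_LO + (i % per_ip) * block
        plan.append({
            "net": net,
            # assumption: first usable address is the MT gateway, second the customer
            "host": list(net.hosts())[1],
            "public": public_ips[i // per_ip],
            "ports": (lo, lo + block - 1),
        })
    return plan

def routeros_rules(entry):
    """RouterOS commands for one customer (TCP and UDP only; to-ports needs a protocol)."""
    lo, hi = entry["ports"]
    rules = []
    for proto in ("tcp", "udp"):
        rules.append(f"/ip firewall nat add chain=srcnat src-address={entry['net']} "
                     f"protocol={proto} action=src-nat "
                     f"to-addresses={entry['public']} to-ports={lo}-{hi}")
        rules.append(f"/ip firewall nat add chain=dstnat dst-address={entry['public']} "
                     f"protocol={proto} dst-port={lo}-{hi} action=dst-nat "
                     f"to-addresses={entry['host']}")
    return rules

def owner_of(plan, public_ip, port):
    """Reverse lookup for accounting or abuse reports: who held this IP and port?"""
    ip = ipaddress.ip_address(public_ip)
    for e in plan:
        if e["public"] == ip and e["ports"][0] <= port <= e["ports"][1]:
            return e["net"]
    return None

if __name__ == "__main__":
    # Constructed sample: 1000 customer /30s, 512 public IPs from documentation ranges.
    nets = list(ipaddress.ip_network("172.29.0.0/16").subnets(new_prefix=30))[:1000]
    pool = [ip for n in ("198.51.100.0/24", "203.0.113.0/24")
            for ip in ipaddress.ip_network(n)]
    plan = build_plan(nets, pool)
    print("\n".join(routeros_rules(plan[1])))
    print(owner_of(plan, "198.51.100.0", 40000))
```

Because the mapping is fixed, no per-flow NAT logging is needed to attribute traffic: the public IP and source port alone identify the customer.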

My solution is to buy more public IPs :)