Help SCRNAT with two public subnets

RouterOS Beginner Basics
1

Scenario:
LAN network (PublicIPs Vlan10, PrivateIPs Vlan20) > [Vlan10/Vlan20 (Router) Vlan4]>ISP
Vlan 10: Public IPs LAN /29, SFP2
Vlan 20:Private IPs LAN /24, SFP2 natted
Vlan 4: Public IPs WAN /30, SFP1 directly connected to ISP

SCT-NAT/masquerade for private subnet works fine when the out interface is set to WAN(Vlan 4), but I can’t figure out how to nat Vlan 20 behind Vlan 10.

Sorry if I didn’t explain the issue properly.
So.. I got two Public IP subnets. Vlan 4 connected directly to ISP and Vlan 10 also Public IPs for my devices.
I want to NAT a private subnet(Vlan20) to use an IP from Vlan10 to access internet.

2

More detailed explanation of what “nat Vlan 20 behind Vlan 10” means might help.

3

Probably NAT is done only from ptp IP and not on other 8 available IPs.

The moderators who approve these *** posts should at least tell the new member to explain better…

4

One would think, but then again you are using logic and educational principles. :slight_smile:

5

I clarified the question, sorry about that.

6

Right, sorry about misunderstanding. I can NAT using ptp IP, my question is how to NAT using the other IPs in /29 subnet

7

Just add any number of rules according to your needs, for example:

/ip firewall nat
add chain=srcnat src-address=10.20.30.40 action=src-nat to-addresses=p.p.p.1
add chain=srcnat src-address=10.20.30.0/24 action=src-nat to-addresses=p.p.p.2
add chain=srcnat src-address=192.168.1.0/24 action=src-nat to-addresses=p.p.p.3
add chain=srcnat src-address=p.p.p.p/29 action=accept comment="do not touch public addresses"
add chain=srcnat out-interface=WAN action=masquerade comment="everything else"

They are checked from top to bottom and first matching one is used.

8

Thank you so much, I’ll try it