I need to bypass the masqurade rule on my router pc for all trafic to the voip server on IP 192.168.108.2
This critical as the voip server must see the IP of every incoming connection and not all of them coming from the router pc.
Any ideas???
/ip firewall nat add dst-address=192.168.108.2 action=accept place-before=0 disabled=no
p.s. so, why do you need masquerading at all?..
i cant seem to get anything to work only if i use masquerade rule
but it could be confingeration i think
but not shore
so either you solve your problem by yourself, or you post here your network configuration, and we’ll try to help you 
well i have everything in bridge mode
and im trying to get my backbone to work on ospf
but in not comming right
i have this
x86(mikrotik)--------433ah-wireless---------rb600-433ah-433ah
and all other towers connect wirelessly to Rb600-433ah-433ah
but also have clients connection to 433ah
so were do i start do i put a static ip address too all interfaces or leave them all black and set up ospf
???
that will get me started to what im looking for my network as bridge mode sux
I need to masqurade my network as I have private IP ranges internally and the internet only sees my public IP
but 192.168.108.2 is not the Internet, so if you are masquerading all requests to 192.168.108.2 - it’s just a misconfiguration, nothing else. what’s your config?
xezen, you do need ip address on every interface. after that, you can setup ospf to dynamically distribute all routes in your network
but 1 question first
i have 433ah with 3 wireless cards
can i go ether 1 10.0.0.1/32
ether2 10.0.0.2/32
ether3 10.0.0.3/32
etc
or whats the best whay to control ip address for the ospf
in regards to eth1,2,3
and wlan 1,2,3
on the same routerboard?
you only need /32 address as loopback address for OSPF (as Maris said on MUM-CZ… I still can’t understand why do we need it 
)
anyway, you need correct IP networks on your interfaces (for example, /24 - but not /32)
so i can have ip address like like 10.0.0.1/24 on ether1
and 10.0.0.2/24 on ether 2
or must i have them as ether 1 10.0.0.1/24
and ether 2 10.0.1.1/24
as what i understand i cant have the same ip addess range on the same interface only if i bridge is this correct?
yes, you should setup different subnets on different interfaces
I have a router pc with 9 ether ports.
ether 1 - 192.168.102.1 - from rb600 with back bone links
ether 2 - 192.168.101.1 - from rb433 public hotspot
ether 3 - 192.168.103.1 - from internet
ether 4 - 192.168.104.1 - pc
ether 5 - 192.168.105.1 - from radius manager
ether 6 - 192.168.106.1 - from rb433 ap
ether 7 - 192.168.107.1 - from internet
ether 8 - 192.168.108.1 - to voip server. This is used by our subscriber of our internal nertwork only. Never from th internet
ether 9 - not used
Only ether 3 and 7 need to be masquraded.
0 chain=srcnat action=accept dst-address=192.168.108.2
1 chain=srcnat action=masquerade
2 chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
connection-mark=http-conn
3 chain=dstnat action=dst-nat to-addresses=196.43.2.142 protocol=tcp
dst-port=25
Is there any way of only aplying the masqurade rule to ether 3 & 7 only ??
add ‘in-interface’ parameter to your rules
on which rule ??
Have tried it on the genral maqurade rule but it does not accept
does not accep what?..
i got the same request.
we got a tower with clients connection to it via pppoe (10.0.1.0/24 range) and got a TV server on the same tower (192.168.1.10)
Its all on a 433AH board - eth 1 192.168.1.1 with the pppoe server on wlan1
I want the TV server to see every client IP (10.0.1.0/24) and not the IP of eth1 of the MT as is now the case if I use masquarade.
how can i do this?
chu..you code doesnt have a chain in it.
/ip fi nat add chain=srcnat dst-address=192.168.1.10 action=accept place-before=0
?..
and then i just add a route to the client on the ip server and a masquareade rule on the main link to the internet?
thx ill try it and let you know.
thx!! it works great