I have several IPs given to me by my ISP, which share the same traffic speed, interface, subnet and everything.
I’d like to masquerade some of my users to one IP, and another set to another IP, plus having an IP for the router itself. I already have address lists called NAT1 and NAT2, for the first and second IP respectively.
I know I could use action=src-nat, but I hoped I could make the IP set more… portable, let’s say (so that if I change it in one place, it is affected everywhere). I tried to use rules similar to NTH load balancing, minus the NTH matching (i.e. the list is predefined).
I have the following:
/ip address
add address=192.168.0.1/24 interface=local network=192.168.0.0
add address=xx.xx.xx.114/29 comment=ITD interface="public ITD" network=xx.xx.xx.112
add address=xx.xx.xx.115/29 comment=ITD interface="public ITD" network=xx.xx.xx.112
add address=xx.xx.xx.117/29 comment=ITD interface="public ITD" network=xx.xx.xx.112
/ip route
add check-gateway=arp distance=1 gateway=xx.xx.xx.113 pref-src=xx.xx.xx.115 routing-mark=ip1
add check-gateway=arp distance=1 gateway=xx.xx.xx.113 pref-src=xx.xx.xx.117 routing-mark=ip2
add check-gateway=arp distance=2 gateway=xx.xx.xx.113 pref-src=xx.xx.xx.114
/ip firewall mangle
add action=mark-routing chain=prerouting in-interface=local new-routing-mark=ip1 passthrough=no src-address-list=NAT1
add action=mark-routing chain=prerouting in-interface=local new-routing-mark=ip2 passthrough=no src-address-list=NAT2
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
but all IPs always get NAT-ed to xx.xx.xx.114 (which is the IP meant for the router), regardless of whether they’re at NAT1 or NAT2. In particular, it seems the dynamic rule
add distance=0 dst-address=xx.xx.xx.112/29 gateway="public ITD" pref-src=xx.xx.xx.114 scope=10
is always matched. Any ideas how this could be done? Preferably without polluting the NAT list with action=src-nat to the specific IP.
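As an added example (not part of the original post, and not the poster's configuration), the following RouterOS fragment shows the explicit alternative the post mentions, action=src-nat, keyed on the existing NAT1 and NAT2 address lists, together with a command to verify which public address each internal host is actually translated to. It reuses the post's redacted xx.xx.xx.* addresses and the "public ITD" interface name; the 192.168.0.x host entries are constructed for illustration, and the address-list lines are included only so the fragment is self-contained (the post says those lists already exist). Because to-addresses is stated explicitly, the chosen public address no longer depends on which route's pref-src the masquerade action ends up using.

```routeros
# Added example: per-address-list source NAT on RouterOS.
# xx.xx.xx.* are the post's redacted public IPs; 192.168.0.10/.20 are
# constructed sample hosts.

/ip firewall address-list
add list=NAT1 address=192.168.0.10 comment="sample host, maps to .115"
add list=NAT2 address=192.168.0.20 comment="sample host, maps to .117"

/ip firewall nat
# Rules are evaluated top to bottom, so the specific src-nat rules must
# sit above the catch-all masquerade rule or they will never be reached.
# The single to-addresses value in each rule is the only thing to edit
# if a mapping changes; membership is still managed via the address lists.
add chain=srcnat src-address-list=NAT1 out-interface="public ITD" \
    action=src-nat to-addresses=xx.xx.xx.115 comment="NAT1 -> .115"
add chain=srcnat src-address-list=NAT2 out-interface="public ITD" \
    action=src-nat to-addresses=xx.xx.xx.117 comment="NAT2 -> .117"
# Everything else from the LAN (and hosts in neither list) keeps the
# interface address, .114, via masquerade.
add chain=srcnat src-address=192.168.0.0/24 out-interface="public ITD" \
    action=masquerade comment="default -> .114"

# Verification: the reply-dst-address column of a tracked connection shows
# the public address the connection was translated to. Filter on the
# internal host (src-address in the connection table includes the port).
/ip firewall connection print where src-address~"^192\\.168\\.0\\.10:"
```

With explicit src-nat rules in place, the mark-routing rules and the routing-mark routes from the post are no longer needed for address selection; if they are kept for other reasons, check that the reply-dst-address shown by the connection table matches the intended public IP for a host from each list before relying on the setup.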