Masquarede whole subnet

doush · May 6, 2009, 6:38pm

Hello;
On the edge router,I want to masquerade whole remote subnet 10.1.x.x through WAN IP 192.168.1.1.
But there is no interface having the WAN IP 192.168.1.1 but I own 192.168.1.0/24 .Whole subnet is routed to me from my ISP.

Help needed in firewall rules please.

doush · May 10, 2009, 3:40pm

anyone please

skillful · May 10, 2009, 4:07pm

Add 192.168.1.1/24 to you wan interface IP Address and the Source NAT 10.1.x.x/y to 192.168.1.1

/ip address add address=192.168.1.1/24 interface=wan
/ip firewall nat add chain=srcnat src-address=10.1.x.x/y action=src-nat to-addresses=192.168.1.1

OR

use netmap to source nat all 10.1.x.0/24 to 192.168.1.0/24

/ip firewall nat add chain=dstnat dst-address=192.168.1.1-192.168.1.254 action=netmap to-addresses=10.1.x.x-10.1.x.254
/ip firewall nat add chain=srcnat src-address=10.1.x.x-10.1.x.254 action=netmap to-addresses=192.168.1.1-192.168.1.254

doush · May 10, 2009, 5:16pm

thanks alot skillfull. In the 2nd option, Do I have to add the IP address to my WAN interface ?

skillful · May 10, 2009, 6:43pm

Yes, you have to add all the IP addresses to your wan interface. The command given below will help you add all the required IP address. Just copy and paste it into a terminal window. Observer that the first IP has a /24 subnet mask while all the others have /32.

/ip address add address=192.168.1.1/24 interface=wan

:for x from=2 to=254 do={/ip address add address="192.168.1.$x/32" broadcast="192.168.1.$x" comment="" disabled=no  interface=wan network="192.168.1.$x"}

I have assumed that your wan interface is named “wan”.

doush · May 10, 2009, 8:09pm

Thanks for your great script skillful. Its so helpfull.
so above script will add 254 IP addresses to my WAN interface ?

1 interface can have more than 1 IP addresses ?

Is there a way to not require to add the WAN IP to the interface ?

skillful · May 10, 2009, 8:18pm

Yes

If you must use netmap or scr-nat, you have to add the IP addresses to the wan interface. But, you can use PPPoE to assign the IP addresses directly to your clients without adding them to the wan interface.

changeip · May 11, 2009, 3:55am

are you sure? I don’t think you need to add those IPs to your WAN interface if they are being routed to you. Try it without and see what happens. Just add some nat rules and they should work. I could be wrong, but it seems like I’ve done it before…