Masquerade not translating correct IP address.

marrold · July 9, 2014, 8:33pm

Hi all,

I have a friend using a Mikrotik RB2011 on ROS 6.7. He has a multi-wan configuration, using route distances and ‘check-gateway’ to do the failover. He has noticed that occasionally when a WAN link fails then comes back up, his VoIP phones will then stop working.

On closer inspection I can see UDP traffic is being sent out the primary interface with the IP for the failover interface.

Rules are the basic -

action=masquerade chain=srcnat comment="Outbound : WAN1" out-interface="WAN1 - Plusnet VDSL"

Why is masquerade not masquerading the correct address?

rextended · July 10, 2014, 10:49am

because previous nat connection still open, close all open connection by nat on firewall connection-tracking when wan fail.

marrold · July 10, 2014, 4:06pm

Thanks rextended!

However I would of assumed ‘Masquerade’ would always translate the IP address, regardless of previous. Perhaps a misunderstanding on my part.

You would think that if the WAN link goes down, that would take the NAT connection with it.

rextended · July 10, 2014, 4:44pm

Is not always clear to all this…