masquerade

Question: I have an x86 box acting as a RADIUS server,
now with masquerade.

What's the best way to set it up:

add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.64
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.65
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.66
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.67
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.68
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.69
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.70
add action=masquerade chain=srcnat comment="" disabled=no src-address=10.0.0.71


for each PPPoE IP address, or just on the out interface of the router connection?

Just do it on the out interface, unless you of course have time to spare to put each user on his own. Just kidding :) It will work fine on the out interface.

So I would do this:

1) /ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1

or

2) /ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no

as 2 will masquerade local traffic.

I have this setup:

server------------ap-----------client


AP is bridged,
client is in WDS mode,

and client has masquerade like number 2
and server has masquerade like number 2.
So is it best to change them to number 1?
What would be the difference
if I implement 1 and 2?

I'm just trying to find out the difference and trying to get a better understanding of what masquerade does exactly.

You do this:

  1. /ip firewall nat
    add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1

if your outgoing interface is wlan1.

Also notice that you don't have to masquerade networks you control; just masquerade your traffic that goes to your upstream provider if you are using local addresses.

(internet) — (border router) — (server) — (ap) — (clients)

Usually masquerade is done on the border router.

So I have no need to do it on the client's board if the client has no firewall settings?

As I have the rule on all my AP clients and server.

No, while you control what route goes where, you can simply manage with routing. On the Internet, of course, nobody will recognise local addresses and most probably will drop packets, so you have to masquerade.

SO WHAT'S THE BEST WAY TO ROUTE EVERYTHING TO THE SERVER AND MANAGE FROM THAT, AS I HAVE A BRIDGED TYPE NETWORK?

It has nothing to do with bridged or routed internal network - as long as it is your internal one, you should choose the one that fits your needs.

So let's say I have a 411AH

3 interfaces


ether1
wlan1
pppoe-out1

that connects out via interface wlan1.

So do I set wlan1 as my Internet out interface, or PPPoE as my out interface to masquerade?

Hello,

If you need the PPPoE client to connect to the Internet, the PPPoE client is your out interface.

Best regards
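
The difference between rule 1 (masquerade with an out-interface matcher) and rule 2 (no matcher) asked about in the thread, as an added example that is not part of any post and not RouterOS code: a simplified Python model of srcnat on a router with the three interfaces named above. All addresses, the LAN host and the internal server are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed addresses for the three interfaces named in the thread.
INTERFACE_ADDRESS = {
    "ether1": "192.168.88.1",
    "wlan1": "172.16.0.2",
    "pppoe-out1": "203.0.113.10",
}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    out_interface: str  # chosen by routing before srcnat is evaluated

@dataclass(frozen=True)
class MasqueradeRule:
    out_interface: Optional[str] = None  # None = no matcher, matches every packet

    def matches(self, pkt: Packet) -> bool:
        return self.out_interface is None or self.out_interface == pkt.out_interface

def srcnat(pkt, rules):
    """First matching rule rewrites src to the outgoing interface's address."""
    for rule in rules:
        if rule.matches(pkt):
            return replace(pkt, src=INTERFACE_ADDRESS[pkt.out_interface])
    return pkt  # no rule matched: source address is left untouched

# Constructed sample traffic from one LAN host behind ether1.
TO_INTERNET = Packet("192.168.88.20", "198.51.100.7", "pppoe-out1")
TO_SERVER = Packet("192.168.88.20", "172.16.0.1", "wlan1")  # internal server

RULE_1 = [MasqueradeRule(out_interface="pppoe-out1")]  # PPPoE is the out interface
RULE_2 = [MasqueradeRule()]                            # masquerades local traffic too

def seen_sources(rules):
    """Source address each destination sees after srcnat."""
    return {p.dst: srcnat(p, rules).src for p in (TO_INTERNET, TO_SERVER)}

if __name__ == "__main__":
    print("rule 1:", seen_sources(RULE_1))
    print("rule 2:", seen_sources(RULE_2))
```

Under rule 2 the internal server sees the router's own address for every LAN host, so server-side logs and per-client accounting lose the real source; under rule 1 only traffic leaving through the PPPoE interface is rewritten.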