masquerading in rc10 - problems

We are experiencing difficulties masquerading a private network in rc10.

We don’t have any problem in routing a public network.

But when I do a masquerade rule for our private network, MikroTik seems not to know how to forward the response from the internet back to the private network.

This is the src-nat rule:
0 chain=srcnat out-interface=Border src-address=192.168.10.0/24
action=masquerade


In fact I used Ethereal on our border router, the next hop after MT, to inspect the packets’ flow.
I see the packet go out and come back to the IP of the interface that the masquerade rule refers to, but then MT seems not to deliver it to the private IP.

To test it, I added a dst-nat rule from public to private ip, and everything started to work.

So I think there should be a problem in rc10 with NAT.

Thanks

Do you have connection tracking turned off by any chance?

Masquerading is working fine on my RC10 systems.

No, connection tracking is on!

But each value is set to 00:00:00

Should I replace those values with the 2.8 ones?

Thanks

I think with a connection timeout of 00:00 connection tracking is effectively disabled :wink:

I’d suggest putting some sensible values in there (just copy from another of your systems, for example). I suppose masquerading will start to work then. Because now the router is forgetting the to-be-masqueraded connections in 00:00, i.e. instantly. Then it doesn’t know how to reverse the masquerading on the arriving packets to transmit them back to your internal (masqueraded) machine(s)…

Let us know how this is going.
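The mechanism described in the reply above, as an added example that is not part of the original thread: a toy Python model of a masquerading router whose connection-tracking entries expire after a timeout. The class, the public address 203.0.113.1, the port numbers and the 60-second timeout are constructed for illustration and are not RouterOS defaults.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed address of the masquerading out-interface


@dataclass
class MasqueradeRouter:
    """Toy model: masquerade needs a connection-tracking entry to undo the NAT."""
    timeout: float                             # seconds an idle connection is remembered
    table: dict = field(default_factory=dict)  # public port -> (private ip, port, expiry)
    next_port: int = 40000                     # constructed starting port for translations

    def _expire(self, now):
        # An entry is forgotten once its timeout has elapsed; with timeout 0 that is at once.
        self.table = {p: e for p, e in self.table.items() if e[2] > now}

    def outbound(self, src_ip, src_port, now):
        """Rewrite a private source to the public IP and remember the mapping."""
        self._expire(now)
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src_ip, src_port, now + self.timeout)
        return PUBLIC_IP, port

    def inbound(self, dst_port, now):
        """Reverse the masquerade for a reply; None means it cannot be delivered."""
        self._expire(now)
        entry = self.table.get(dst_port)
        if entry is None:
            return None
        src_ip, src_port, _ = entry
        # Traffic on a tracked connection refreshes its expiry.
        self.table[dst_port] = (src_ip, src_port, now + self.timeout)
        return src_ip, src_port


def round_trip(timeout, rtt=0.05):
    """Send one packet from 192.168.10.5 and return where the reply is delivered."""
    router = MasqueradeRouter(timeout=timeout)
    _, public_port = router.outbound("192.168.10.5", 51515, now=0.0)
    return router.inbound(public_port, now=rtt)


if __name__ == "__main__":
    print("timeout 0s  ->", round_trip(0))
    print("timeout 60s ->", round_trip(60))
```

With a zero timeout the reply reaches the public address but finds no mapping, which matches what the capture on the next hop showed.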

I copied the values to the 2.8 standards.

I can’t see if it is working because it is in a remote location, and the private network is down right now.

But your explanation is perfectly logical and I am 100% sure now it is working.

Thanks for the tip.

Best Regards
Rosario

You’re welcome - when it doesn’t work tomorrow, just come back to me :wink: