Masquerading public IP's

Jrslick22 · February 28, 2008, 8:09pm

I have a main router with a masquerade rule setup on it for all traffic out of my public Ethernet interface.

this router(a) is connected to a second router(b) on a p2p link using RIP, the second router has the customer(c) on it (pppoe) with a public ip assigned to them.

I want to setup a firewall rule so that the customer(c) outgoing traffic is marked with there own IP not the man masqueraded one.

existing rule:
chain-srcnat action=masquerade out-interface=public

Im thinking:
chain-srcnat action=masquerade out-interface=public src-address=x.x.x.x (customer ip)

will this work? will this rule need to be higher than the fist rule in the list also?

cheers.

Jrslick22 · February 29, 2008, 9:11pm

anyone please

Jrslick22 · March 3, 2008, 7:29pm

Anyone from MT? Please

gmsmstr · March 3, 2008, 11:58pm

My first thought was to tell you to src-nat, but it looks like you are giving the customers public IPs via PPPoe, in that case, why would you want to masq anything, they should go out their public IP, however, since you don’t have a src-address limited to the scope of your private network, all traffic gets masqed. So.. Put in a src-address of your private network only, then any customers with publics will just route out and all will be well..

Jrslick22 · March 4, 2008, 1:26am

Wonderful, thanks very much.