Masquerading to specific IP address?

I need to map an entire /24 subnet to a specific single IP address on our router. How do I do this? Would netmap accomplish this?

/ ip firewall nat
add chain=srcnat out-interface=ether1 src-address=192.168.0.0/24 action=netmap to-addresses=10.0.0.1 to-ports=0-65535

Thanks,
Ken

I don’t think netmap is the answer for you. That maps a range of IPs to a range of IPs. If I understand you correctly, you want to masquerade a local net as ether1.

/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

This “allows” your local net access to ether1, and to the outside world you look like the router’s ether1 IP.

I would like to be able to specify which IP address the masquerade rule uses and this isn’t possible with a normal masquerade rule.

Thanks,
Ken

How about this? This is supposed to “masquerade” the local net as 68.99.58.98. I haven’t verified that this works.
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=src-nat to-addresses=68.99.58.98

Thanks, I’ll give that a try.

I feel unsure about the action though. Somehow I feel that should be “masquerade” and not “src-nat”. The docs say src-nat. My brain says masquerade.

EDIT: I just did a check. I use version 2.9.46, and it has a challenge with dns if you change any IP addresses after setting up the dns. I had to reset my MT box and start over.

This works if all is entered in the correct order:
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=xxx.xxx.xxx.xxx src-address=192.168.0.0/24

It must be done in this order on my box:

1 - All IP addresses for all interfaces
2 - gateway
3 - dns
4 - dhcp
5 - nat

To check for valid dns, try pinging a domain name:
/ping email.prolectron.net
If dns is corrupted, you will get a message like “invalid argument”.
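
The difference between the two actions discussed in this thread (netmap mapping a range to a range, src-nat hiding 192.168.0.0/24 behind the one address 68.99.58.98) can be seen in a small model. This is an added example, not code from any poster and not RouterOS's implementation; the 10.0.0.0/24 target range, the function and class names, and the port-selection policy are assumptions made for illustration.

```python
import ipaddress
from itertools import chain

def netmap(src, from_net, to_net):
    """Model of a 1:1 range mapping: swap the network prefix, keep the host bits."""
    src = ipaddress.ip_address(src)
    from_net, to_net = ipaddress.ip_network(from_net), ipaddress.ip_network(to_net)
    if src not in from_net:
        return str(src)                       # rule does not match, packet untouched
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("this model only maps ranges of equal size")
    host_bits = int(src) & int(from_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))

class SrcNat:
    """Model of many-to-one source NAT onto a single chosen address."""
    def __init__(self, src_net, to_address):
        self.src_net = ipaddress.ip_network(src_net)
        self.to_address = to_address
        self.by_inside = {}                   # (proto, ip, port) -> public port
        self.by_public = {}                   # (proto, public port) -> (ip, port)

    def outbound(self, proto, src_ip, src_port):
        """Translate an outgoing flow; returns the (address, port) seen outside."""
        if ipaddress.ip_address(src_ip) not in self.src_net:
            return src_ip, src_port           # outside src-address=, not translated
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            # Assumed policy: keep the original port if free, else the next free one.
            candidates = chain([src_port], range(src_port + 1, 65536),
                               range(1024, src_port))
            port = next((p for p in candidates
                         if (proto, p) not in self.by_public), None)
            if port is None:
                raise RuntimeError("no free port left on " + self.to_address)
            self.by_inside[key] = port
            self.by_public[(proto, port)] = (src_ip, src_port)
        return self.to_address, self.by_inside[key]

    def inbound(self, proto, dst_port):
        """Reply lookup: which inside host owns this public port (None if no flow)."""
        return self.by_public.get((proto, dst_port))

if __name__ == "__main__":
    print(netmap("192.168.0.37", "192.168.0.0/24", "10.0.0.0/24"))
    nat = SrcNat("192.168.0.0/24", "68.99.58.98")
    print(nat.outbound("tcp", "192.168.0.10", 40000))
    print(nat.outbound("tcp", "192.168.0.11", 40000))
    print(nat.inbound("tcp", 40001))
```

With one public address for the whole /24, the router's connection table is the only record tying an outside port back to an inside host, which matters when tracing traffic seen at 68.99.58.98 to a specific client.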