moving from OpenBSD to Mikrotik

Mystique · June 22, 2004, 4:37pm

Hello all,

I’m trying to take out an OpenBSD 3.5 router and replace it with a Mikrotik 2.8.11 level5 cf-ide setup.

I have 3 Interfaces on the box:

Local [ 192.168.1.0/24 ]
Cable [ 24.x.y.z/30 ]
HVData [ 64.x.y.z/30 ]

The Cable and HVData have their own gateways and from HVData I get a /27 of addresses to use.

What I’m trying to do is set what outgoing IP internal IP’s go out as.

For example I would like 192.168.1.132 to go out as 64.1.2.3 and 192.168.1.0/27 to be 64.1.2.4 to the outside world when web browsing.. etc.

Right now it just goes out with the IP of HVData how can I control what people look like to the outside?

Also how to do I send back RST for blocked TCP connects that I want to deny and proper icmp/udp for the same?

I thank you for taking the time to read this and look forward to a response.

sten · June 23, 2004, 9:42am

ICMP Port Unreach for UDP is available as “Reject” but there is no RST for TCP. As i understand it’s a general iptables issue.
IMHO if you are used to PF it will be hard to find an equal substitute.

_// Sten Daniel Sørsdal

shm · July 2, 2004, 8:16am

on SRC-NAT
src-address=192.168.1.132/32 out-interface=HVDATA action=nat
to-src-address=64.1.2.3

src-address=192.168.1.0/27 out-interface=HVDATA action=nat
to-src-address=64.1.2.4

add address 64.1.2.3 and 64.1.2.4 on HVData interface