Using RB1100, I am trying to NAT traffic based on incoming interface.
Say - “All traffic coming in from interface Eth5 NAT to external ip on WAN port”
the source traffic can have many addresses, so src-nat by address is akward
Am I missing something simple?
(clear, old, question)
No, you understood it right.
These are the kind of things that hinders adoption of Mikrotik by intermediate level users.
The solution would be to mark traffic on the incoming interface(s) and src-nat by marked traffic.
How many WANIPs do you have?
Lets say two,
(A) takes care of masquerade out the router.
sourcenat masquerade out-interface=wan1
sourcenat masquerade out-interface=wan2
(or sourcenat masquerade out-interface-list=WAN)
(B) takes care of ensuring ethernet5 to the interenet uses WAN2.
ip route primary ISP
Ip route secondary ISP
ip route secondary ISP route-mark=wan2
route rule
interface=ether5, action=lookuptable table=WAN2
Please note that internal src-nat is a typical need also when a accessing (managing) non-routed networks / subnets over VPN etc, while wanting to retain traceable logs of entering and exiting traffic.
Traffic enters via management node vpn interface from a remote subnet which is not available via the local subnets default gateway. (instead of doing src-nat at remote subnet)