Hello,
I’m using CCR1009-8G-1S with latest RouterOS. We have few public IP from our provider (for this example it’s 2.2.2.2). This is our NAT configuration:
/ip firewall nat
add action=netmap chain=srcnat comment="NAT 1:1" out-interface=\
Bonding-WAN src-address=192.168.7.2 to-addresses=2.2.2.3
add action=netmap chain=dstnat dst-address=2.2.2.3 to-addresses=\
192.168.7.2
add chain=srcnat comment="IPSec VPN" dst-address=192.168.0.0/21 \
out-interface=Bonding-WAN src-address=172.16.3.0/24 to-addresses=0.0.0.0
add action=netmap chain=srcnat src-address=172.16.3.0/24 to-addresses=\
2.2.2.4
add action=netmap chain=dstnat dst-address=2.2.2.4 to-addresses=\
172.16.3.2
add action=netmap chain=srcnat comment="Private VLANs -> Public IP" \
out-interface=Bonding-WAN src-address=172.16.0.0/16 to-addresses=\
2.2.2.2
Our ISP is sending complains to me about problems with our NAT. Every hour they received few packets which are not translated and they have source address from our private range. These packets are blocked with BCP38 rule on our provider side. We have same problem with all rules above.
Have you any experience with this problem? Thank you!
