I am replacing an existing NAT firewall. This device has multiple masquerade addresses.
Given a set of public addresses, PUBa, PUBb, PUBc, each has a prefix list of internal address prefixes associated with it, LISTa, LISTb, LISTc. What is the best method of setting this up in the NAT table?
I think your best bet would be to use netmap, it maps between external and internet network ranges.
netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to distribute public IP addresses to hosts on private networks
/ip firewall address-list add address=1.2.3.0/24 list=LISTa
/ip firewall address-list add address=1.2.5.0/24 list=LISTa
/ip firewall nat add chain=srcnat src-address-list=LISTa action=src-nat to-addresses=PUBa
for each group
ADD: or, if there is only one internal prefix:
/ip firewall nat add chain=srcnat src-address=LISTa action=src-nat to-addresses=PUBa
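Added example, not part of the thread: a Python generator for the address-list and srcnat commands shown above, one rule per group. It refuses to emit anything when an internal prefix falls under two lists, because NAT rules are evaluated in order and only the first match would apply. The addresses are constructed stand-ins for PUBa/PUBb/PUBc and the LISTa/LISTb/LISTc prefixes; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation/private ranges stand in for the
# page's PUBa/PUBb/PUBc and LISTa/LISTb/LISTc placeholders.
GROUPS = {
    "LISTa": ("203.0.113.10", ["10.1.0.0/24", "10.1.5.0/24"]),
    "LISTb": ("203.0.113.11", ["10.2.0.0/16"]),
    "LISTc": ("203.0.113.12", ["10.3.0.0/24"]),
}


def find_overlaps(groups):
    """Return (list1, prefix1, list2, prefix2) for prefixes shared across lists."""
    seen = []  # (list name, network) pairs already checked
    clashes = []
    for name, (_pub, prefixes) in groups.items():
        for text in prefixes:
            # strict=True rejects prefixes with host bits set, e.g. 10.1.0.1/24
            net = ipaddress.ip_network(text, strict=True)
            for other_name, other_net in seen:
                if other_name != name and net.overlaps(other_net):
                    clashes.append((other_name, str(other_net), name, str(net)))
            seen.append((name, net))
    return clashes


def render(groups):
    """Emit address-list entries and one srcnat rule per group."""
    clashes = find_overlaps(groups)
    if clashes:
        raise ValueError(f"prefix in more than one list: {clashes}")
    lines = []
    for name, (pub, prefixes) in groups.items():
        ipaddress.ip_address(pub)  # reject a malformed public address
        for text in prefixes:
            lines.append(f"/ip firewall address-list add address={text} list={name}")
        lines.append(
            f"/ip firewall nat add chain=srcnat src-address-list={name} "
            f"action=src-nat to-addresses={pub}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(render(GROUPS)))
```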