I use NAT through my WAN interface with Masquerade. At the moment I have a block of 5 IPs, and obviously with Masquerade the first IP is always used. If I set the NAT to SRC-NAT and specify the range of 5 IPs, then users randomly get one of the 5 IPs. The problem is that the user IP keeps changing, and things like VPNs, banking websites and other systems want to see all requests coming from one IP.
Is there a way to make the NAT’d IP sticky? I have too many users to create per-user NAT’ing and don’t want to create countless rules such as specifying part of my subnet range to take a particular IP. The reason I don’t want to do this is that soon I will be using 256 IPs and the user count will be around 1000.
Resurrecting my old post here. I’m finally in the changeover from pfSense to MikroTik and trying to get the same internal src IP to always use the same public IP. I’ve created a src NAT rule with “SAME” under action and specified my IP range, but this seems to make each connection from the client device the SAME; any new connections to different sites or services seem to take on a new random public IP from the specified pool. In my case I can’t use this; I need a way to make every connection coming from said client src IP always use the same public IP.
I have 3 internal subnets (1000 devices), and 128 public IPs.
What is going to be the best way to achieve this? Is there any way I can get this done using src-nat/same or do I need to use PCC? If PCC, what/how is the best way?
Much appreciated.
FYI - I’ve tried these mangle rules, with SRC NAT SAME (IP RANGE) but still the IP changes every few minutes on the client side.