I am very new to the MikroTik scene, and need some help to get masquerade working.
I need to hide one network from another using an RB750 as a bridge between the two. The one network has the following range: 172.32.8.0/22. This is my operational network.
The other network is on the 10.184.0.0/16 range. I need to be able to access resources on the 10.X network, while the users on that network must not be able to see the 172.X network.
I heard that the masquerade function might be what I need to use. I have not had any luck setting this up using WinBox.
I do not want to drop the packets from the 10.184.0.0/16 network, due to the fact that some of the users might need to use DHCP from that network in order to make use of some of the in-house apps that require a 10.184.x.x IP.
I purely need to hide my 172.32.8.0/22 from the 10.184.0.0/16 network using some form of NAT.
That rule only drops new connections from the 10.184.x.x net to the 172.32.x.x net. The 10.184 net can go everywhere else. The 172.132.x.x net can still ‘see’ the 10.184.x.x net.
SurferTim’s first rule is what you asked for and want. It is only dropping connections made from 10.184.0.0/16 to 172.32.8.0/22, and no other traffic from 10.184.0.0/16.
The NAT rule only “hides” the 172.32.8.0/22 IP address that is connecting to the other subnet. It does nothing to prevent 10.184.0.0/16 from “seeing” or connecting to 172.32.8.0/22.
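The distinction drawn in the replies above, as an added RouterOS example that is not part of the thread and is not SurferTim's original rule: a filter rule that drops only new connections from 10.184.0.0/16 to 172.32.8.0/22, next to a masquerade rule that only rewrites the source address of outbound traffic. The interface name `ether1` (facing 10.184.0.0/16) and the rule comments are assumptions.

```routeros
# Assumption: ether1 is the interface facing 10.184.0.0/16 (hypothetical name).

# 1. Filter rule: this is what blocks access.
#    Only NEW connections initiated from 10.184.0.0/16 toward 172.32.8.0/22
#    are dropped. Replies to connections opened from the 172.32.8.0/22 side
#    are in state "established" and are not matched, so they still pass.
/ip firewall filter
add chain=forward src-address=10.184.0.0/16 dst-address=172.32.8.0/22 \
    connection-state=new action=drop \
    comment="drop new 10.184.0.0/16 -> 172.32.8.0/22"

# 2. NAT rule: this only changes what the other side sees as the source.
#    Hosts on 10.184.0.0/16 see the router's own address on ether1 instead of
#    a 172.32.8.x address. On its own it does not stop 10.184.0.0/16 from
#    opening connections to 172.32.8.0/22; rule 1 does that.
/ip firewall nat
add chain=srcnat src-address=172.32.8.0/22 out-interface=ether1 \
    action=masquerade \
    comment="masquerade 172.32.8.0/22 toward 10.184.0.0/16"

# 3. Check that both rules are matching traffic (packet and byte counters).
/ip firewall filter print stats
/ip firewall nat print stats
```

The filter rule has to sit above any broader accept rule in the forward chain, because RouterOS evaluates filter rules in order and stops at the first match.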
Can’t you just configure the router with a standard NAT masquerade, using the 172.32.8.0/22 network as the LAN side and the 10.184.0.0/16 as the WAN side?
You’re contradicting yourself. Are you trying to prevent new connections from being established? Then you need filter rules. Do you need to translate IP addresses while permitting new connections? Then you need NAT. The two goals you’re stating in one post are mutually exclusive.
Assuming these networks aren’t actually bridged but routed (they have different layer 3 addressing, after all), SurferTim already posted the right generic solution: