Routing & NAT

Wee funs here.

I am trying to consolidate some stuff into one box for ease of management/replacement if needed/cleaning up the rack.


I need to set up a rule to masquerade 10.0.0.0/8 via ip x.x.x.1 but not impede routing for the rest of the networks.
Obviously this rule
add action=masquerade chain=srcnat comment="" disabled=no out-interface=HotspotFeed
will NAT everything trying to exit the HotspotFeed interface.
I tried to amend this with
add action=masquerade chain=srcnat comment="" disabled=no dst-address=x.x.x.1 out-interface=HotspotFeed src-address=10.0.0.0/8

But, that did not work. Any ideas what I am missing to make it NAT the 10.x space and ignore (thus route) everything else?


There will also be a hotspot on this unit for the 10.x range, but not for the public C’s

How about this:
/ip firewall nat
add chain=srcnat action=src-nat src-address=10.0.0.0/8 to-addresses=x.x.x.1

ADD: Order is important. This rule should be before any other srcnat or masquerade.

Interesting, this worked. Does there not need to be a masquerade statement someplace? I simply disabled the original one and mine and moved that one to top with them.

Now to figure out what bunged up the hotspot and I will be much happier! :smiley:

No masquerade needed. I use masquerade only when the public interface gets its ip by dhcp, so you don’t know what the ip is going to be in advance.

LAN A 10./8 [core router] [remote router] LAN B

That works. There do seem to be some caveats.

A) I have a PPTP (over the internet) between 2 networks and it now does not route over it. Kill the srcnat rule and routing fully works, and NAT of course is dead.

B) There also seems to be a little sluggishness in the NAT now. Not sure what it is or how to define it better than "latency" but pings are spot on where they were before. Things just seem slower to respond.

Ideas? It will be some time before the renumber is done, so NAT will be around for some time.
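Putting the accepted src-nat rule together with the ordering point and caveat A, here is an added example (not from any poster in this thread) of a srcnat chain that translates only 10.0.0.0/8 and leaves traffic bound for the far LAN over the PPTP tunnel unchanged. It assumes HotspotFeed is the public interface holding the static address x.x.x.1 (placeholder as in the thread) and that LAN B behind the tunnel is 192.168.50.0/24, a constructed value to substitute with your own.

```routeros
# Added example, not the thread's own config. Placeholders: x.x.x.1 (public
# address on HotspotFeed) and 192.168.50.0/24 (LAN B reached over the PPTP).
/ip firewall address-list
add list=no-nat address=192.168.50.0/24 comment="LAN B, reached over PPTP"

/ip firewall nat
# 1) Exempt tunnel-bound traffic first. action=accept ends srcnat processing
#    for the packet, so the src-nat rule below never sees it and LAN B keeps
#    seeing real 10.x source addresses (caveat A in the thread).
add chain=srcnat action=accept src-address=10.0.0.0/8 \
    dst-address-list=no-nat comment="no NAT towards LAN B over PPTP"
# 2) Translate only the private 10/8 space, and only when it actually leaves
#    via the public interface. Anything else exiting HotspotFeed (the public
#    C's) matches no rule here and is simply routed.
add chain=srcnat action=src-nat src-address=10.0.0.0/8 \
    out-interface=HotspotFeed to-addresses=x.x.x.1 comment="NAT 10/8 only"

# Order is what makes this work: the accept rule must sit above the src-nat
# rule. Check with the print below and move it to the top if it is not.
/ip firewall nat print
/ip firewall nat move [find comment="no NAT towards LAN B over PPTP"] 0
```

Restricting the src-nat rule to out-interface=HotspotFeed is on its own enough to stop the tunnel traffic being translated, since that traffic leaves through the PPTP interface; the explicit accept rule makes the exemption visible and survives later changes to interfaces.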