srcnat masquerade not working

I’m using 2.9.8 on a RB230.

ether1 IP - 192.168.2.1/24
DHCP Server on ether1, address pool of 192.168.2.100-192.168.2.199

wlan1 IP - 192.168.109.2/24 (routed internally for administrative purposes)

pppoe-user - PPPoE connection to wireless AP via wlan1, public address.

0 chain=srcnat out-interface=pppoe-user src-address=192.168.2.0/24 action=masquerade

I can access the internet from the MT terminal, but NAT’d clients aren’t going anywhere, and the firewall doesn’t show that the packets originating from 192.168.2.0/24 are even matching the src-nat rule. Any ideas?

Try this:

ip firewall nat> add chain=srcnat src-address=192.168.2.0/24 action=masquerade

Tried that too, still nothing.

add chain=srcnat out-interface=pppoe-user action=masquerade

and delete the other srcnat rules. And you have to set the default gateway (if not set automatically), public IP of your PPPoE connection. If you have further problems, there must be something wrong with the forward rules.

Is connection tracking on?

Sam

Good point :)

If connection tracking is disabled, firewall rules will not work!

Cheers…