SRCNAT + VRF + MULTI_IDENTICAL_LAN

RouterOS Beginner Basics
1

How to do SRCNAT for many identical subnets?
SERVER_1, SERVER_2, SERVER_3 must connect to SERVER_10.

I can only do it for one network.
The other of the networks, the NAT firewall mechanism does not understand that these are different connections.
One sees only one connection and sends packets back to the first one who managed to do SRCNAT.
No matter how I marks packets and connections.

For example:
/ip firewall nat
add action=src-nat chain=srcnat connection-mark=CM_1 packet-mark=PM_1 dst-address=192.168.2.10 to-addresses=192.168.101.1
add action=src-nat chain=srcnat connection-mark=CM_2 packet-mark=PM_2 dst-address=192.168.2.10 to-addresses=192.168.101.2
add action=src-nat chain=srcnat connection-mark=CM_3 packet-mark=PM_3 dst-address=192.168.2.10 to-addresses=192.168.101.3

Help me please.
SRCNATMULTILAN.jpg

2

Have you tried selecting the input ethernet port with “in-interface”?
Something like:

/ip firewall nat
add action=src-nat chain=srcnat in-interface=ether2 to-addresses=192.168.101.1
add action=src-nat chain=srcnat in-interface=ether3 to-addresses=192.168.101.2
add action=src-nat chain=srcnat in-interface=ether4 to-addresses=192.168.101.3
3

Yes, sure.
This rule does not apply:
“Couldn’t change NAT Rule … incoming interface matching not possible in output and postrouting chains.”

4

I see, my bad :frowning:

Maybe you can replicate/adapt this approach :confused: :
http://forum.mikrotik.com/t/multiple-device-with-same-ip-access/142619/1

5

Unfortunately this doesn’t work.
The NAT table only remembers address:port.
If Mikrotik makes an extended NAT table with connection-mark storage. This will be a revolution.