Hello,
I have some trouble with srcnat and masquerade for internet access. I thought I needed one srcnat rule with masquerade and the outgoing interface set to my internet router. But the rule only works if I set "outgoing interface" to "all". That's what I don't want, because in this case every connection (e.g. from one subnet to another subnet) will be masqueraded. I only want and need masquerade from every subnet to the internet. Where's my mistake?
My setup:
I have 5 internal subnets:
 #     ADDRESS            NETWORK         INTERFACE
 0     10.10.10.1/24      10.10.10.0      ether5
 1     10.10.90.1/24      10.10.90.0      VLAN 90
 2     10.10.200.1/24     10.10.200.0     VLAN 200
 3     10.10.210.1/24     10.10.210.0     VLAN 210
 4     10.10.220.1/24     10.10.220.0     VLAN 220
Network "0" goes untagged through ether5 to my switches; the other LANs are tagged VLANs (bridged) and they go tagged through ether4:
[admin@MikroTik] /interface vlan> print
Flags: X - disabled, R - running, S - slave
 #     NAME       MTU    ARP       VLAN-ID   INTERFACE
 0  R  VLAN 210   1500   enabled   210       bridge_netzwerke
 2  R  VLAN 220   1500   enabled   220       bridge_netzwerke
 3  R  VLAN 200   1500   enabled   200       bridge_netzwerke
 4  R  VLAN 90    1500   enabled   90        bridge_netzwerke
[admin@MikroTik] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
 #     INTERFACE   BRIDGE             PRIORITY   PATH-COST   HORIZON
 0     ether4      bridge_netzwerke   0x80       10          none
The internet is connected via ether2 as tagged VLAN 463. This is a bintec 4G LTE device which needs, on its connected port, an untagged LAN with a DHCP server and option 43 for config attributes, and for the way back VLAN 463 tagged with the DHCP client active. The device hands back the public IP from the provider; this works fine!
 #     ADDRESS              NETWORK          INTERFACE
 5     172.168.1.1/24       172.168.1.0      ether2
 6  D  10.110.184.104/28    10.110.184.96    VLAN 463
But why does my srcnat masquerade firewall rule only work with "all" for interfaces??? This is what I don't want, because for internal traffic between different subnets I want to see the original src IP address ... hmmmm ...
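The configuration the post is asking for, as an added example and not the poster's own config: a srcnat rule restricted to the internet-facing interface, beside the over-broad "all interfaces" rule, plus the checks a practitioner would run to see why the narrow rule might not match. It assumes the internet-facing interface is the VLAN interface named "VLAN 463" from the poster's address list and that the DHCP client on it installs the default route; adjust the name if yours differs.

```routeros
# Added example for RouterOS, not the poster's configuration.
# Assumption: the internet-facing interface is named exactly "VLAN 463"
# (as in the address list above) and holds the default route.

# What NOT to do (shown commented out): no out-interface means every
# connection leaving the router is masqueraded, including routed traffic
# between the 10.10.x.0/24 subnets, so the original src IP is rewritten.
# /ip firewall nat
# add chain=srcnat action=masquerade comment="too broad: rewrites inter-subnet traffic"

# Intended rule: only connections routed out through the internet-facing
# interface are masqueraded; inter-VLAN traffic keeps its source address.
/ip firewall nat
add chain=srcnat out-interface="VLAN 463" action=masquerade \
    comment="NAT only towards the internet"

# Check 1: the interface name must match the rule exactly (case and space
# sensitive). This must return the VLAN 463 interface.
/interface print where name="VLAN 463"

# Check 2: srcnat out-interface matches the interface the packet is actually
# routed out of, so the default route must leave via that interface.
/ip route print where dst-address=0.0.0.0/0

# Check 3: rule counters. Generate internet traffic from an inner subnet and
# confirm the packets/bytes of the narrow rule increase.
/ip firewall nat print stats
```

If check 2 shows the default route on a different interface (for example the untagged ether2 address rather than VLAN 463), the rule is correct but never matches, which is the symptom of it "only working with all".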