Community discussions

User avatar
Topic Author
Posts: 34
Joined: Wed May 29, 2019 10:18 am

Default NAT

Sun Aug 11, 2019 1:34 pm

Hi everyone,

is it normal that by default I have two srcnat ?? ->
 0    ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
chain=srcnat action=masquerade out-interface=ether1
Is the rule 1 is not enough by her own ? meaning can I delete the rule 0 ? (I should still have full NAT on my network correct ?)
Device: Hex: RB750Gr3
Forum Guru
Forum Guru
Posts: 4411
Joined: Mon Apr 20, 2009 9:11 pm

Re: Default NAT

Sun Aug 11, 2019 7:28 pm

You can have as many srcnats as you want, but it's not default config. If we can trust comments, rule #0 is from default config and someone added #1 manually. Why, that's a question, because rule #0 should be enough.

Default config now uses interface lists, so you can reuse interfaces in several places and only change the list if required, instead of changing several different things. You can use it or not, it's up to you. Default config also excludes traffic in IPSec tunnels from default srcnat, but if you don't use IPSec, you don't need that part (removing it will probably save 0.000nothing% processing power).
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 19 guests