Community discussions

MUM Europe 2020
just joined
Topic Author
Posts: 4
Joined: Sun Dec 07, 2014 7:36 pm


Sun Dec 07, 2014 8:02 pm

I have a network of 6 routers, RB750 & RB2011 connected together using OSPF.

It seems to work well.

The two routers connecting me to the internet seem to need a NAT rule with a chain of SRCNAT and an action of MASQUERADE to work, the others don't.

Is this correct? or should I have the NAT rule on every router?


Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: ospf

Mon Dec 08, 2014 9:29 pm

It sounds correct to me, since your public IP address is assumably assinged to the ISP connected routers.
I assume you are using private IP ranges in your internal network. These IP's are not routed over the internet and outgoing traffic needs to be source-NAT'ed in order to go over the internet.
Ps. Masquerade is a special type of source-NAT'ing
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
Member Candidate
Member Candidate
Posts: 213
Joined: Mon Oct 31, 2011 11:19 am
Location: Hungary

Re: ospf

Tue Dec 09, 2014 3:14 pm

You need to NAT only on your router, that is connected to the ISP.
Posts: 59
Joined: Fri Oct 25, 2013 12:52 am
Location: Arequipa - Peru

Re: ospf

Tue Dec 09, 2014 6:53 pm

You only have to nat on the border router (router connected to isp). Because you are using ospf and it is full implemented, you should not need nat on all the devices behind, because BR knows how too reach the other devices. I really don't like masquerade because you really don't know what is happening there. Try with chain=srcnat action=srcnat src-address=x.x.x.x/x to-addresses=ip which will replace the other ips. You can also add out-interface in order to be more especific.
Network Engineer Noc Department

If it helps please give some karma

Who is online

Users browsing this forum: Bing [Bot] and 36 guests