Tue Mar 28, 2017 3:31 pm
Hi all,
Resurrecting my old post here. I'm finally in the changeover from pfSense to MikroTik and trying to get the same internal src IP to always use the same public IP. I've created a src NAT rule with "SAME" under action and specified my IP range, but this seems to make each connection from the client device the SAME; any new connections to different sites or services seem to take on a new random public IP from the specified pool. In my case I can't use this. I need a way to make every connection coming from said client src IP always use the same public IP.
I have 3 internal subnets (1000 devices) and 128 public IPs.
What is going to be the best way to achieve this? Is there any way I can get this done using src-nat/same, or do I need to use PCC? If PCC, what/how is the best way?
Much appreciated.
FYI - I've tried these mangle rules with SRC NAT SAME (IP RANGE), but the IP still changes every few minutes on the client side.
/ip firewall mangle
add chain=input in-interface=P2 action=mark-connection \
    new-connection-mark=P2_conn
add chain=output connection-mark=P2_conn action=mark-routing \
    new-routing-mark=to_P2
add chain=prerouting dst-address=1.1.1.1/24 action=accept in-interface=Lan
add chain=prerouting dst-address-type=!local in-interface=Lan \
    per-connection-classifier=both-addresses-and-ports:1/0 action=mark-connection \
    new-connection-mark=P2_conn passthrough=yes
add chain=prerouting connection-mark=P2_conn in-interface=Lan \
    action=mark-routing new-routing-mark=to_P2
/ip route
add dst-address=0.0.0.0/0 gateway=1.1.1.2 routing-mark=to_P2 \
    check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.1.1.2 distance=1 check-gateway=ping