I have a routed /29 public subnet (xx.yy.zz.16/29) and want to use one of those addresses (the one applied to my bridged WAN connection, xx.yy.zz.20) for the whole 10.0.0.0/24 private LAN's NAT/PAT, and another address (xx.yy.zz.22) for static NAT for a specific machine on the LAN which has high traffic (10.0.0.10 in the test setup).
The general NAT works perfectly. The Static NAT PC received no return traffic. I see the DNS request go out in the log, and that's all.
I have disabled the general NAT and the static still fails. I have also tried putting the xx.yy.zz.20 address into the static rule instead of .22, and then it works. But not when I put .22 back in.
It seems that the failure is caused simply by putting the .22 address in there. There is nothing wrong with the address; I tried assigning it to another PC and putting that onto the bridge directly. That got out to the internet with no trouble.
What am I doing wrong?
These are the two rules:
0 chain=srcnat action=src-nat to-addresses=xx.yy.zz.22 src-address=10.0.0.10 out-interface=bridge1 log=yes log-prefix=""
1 XI chain=srcnat action=src-nat to-addresses=xx.yy.zz.20 src-address=10.0.0.0/24 out-interface=bridge1 log=no log-prefix=""
This is all I get in the log:
srcnat: in:(none) out:bridge1, src-mac 02:00:00:00:02:02, proto UDP, 10.0.0.10:34248->220.127.116.11:53, len 63
Some more of my config:
[admin@MikroTik] /ip address> print
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; added by setup
     192.168.1.77/24    192.168.1.0     ether2
 1   xx.yy.zz.20/29     xx.yy.zz.16     bridge1
 2   10.0.0.254/24      10.0.0.0        ether3
[admin@MikroTik] /ip route> print
 #      DST-ADDRESS        PREF-SRC        GATEWAY         DISTANCE
 0 A S  0.0.0.0/0                          xx.yy.zz.17     1
 1 ADC  10.0.0.0/24        10.0.0.254      ether3          0
 2 ADC  xx.yy.zz3.16/29    xx.yy.zz.20     bridge1         0
 3 ADC  192.168.1.0/24     192.168.1.77    ether2          0
In my working Cisco config, I have this:
ip nat inside source list NAT_ACL interface BVI1 overload
ip nat inside source static 192.168.1.2 xx.yy.zz.21 // .21 is the real one in use on my network - .22 is free and used for testing