bino
newbie
Topic Author
Posts: 42
Joined: Thu Jun 17, 2004 4:44 pm

2.9.30 SNAT Not Working ?

Sat Sep 30, 2006 11:27 am

Dear All

My new system box is RouterOS 2.9.30.
Here is the setup:
/ip addr

add address=a.b.c.211/29 network=a.b.c.208 \
    broadcast=a.b.c.215 interface=e1net2cyber comment="" disabled=no 

add address=a.b.c.105/29 network=a.b.c.104 \
    broadcast=a.b.c.111 interface=e1net2cyber comment="" disabled=no 


add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=e4crosskedvb comment="" disabled=no 
[admin@BINO] ip firewall nat> /ip ro prin
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #     DST-ADDRESS        PREF-SRC        G GATEWAY         DIS INTERFACE
...
14 A S 0.0.0.0/0                          r a.b.c.209     e1net2cyber

/ip fir nat pri

Flags: X - disabled, I - invalid, D - dynamic
 0   chain=src-nat out-interface=e1net2cyber src-address=0.0.0.0/0
     src-address-list=ip-priv action=src-nat
     to-addresses=a.b.c.105/29 to-ports=0-65535

Note: a.b.c.105 is a public routable IP address


1. Try to traceroute to Yahoo using that routable IP address as source:
[admin@BINO] ip firewall nat> /tool trace 209.131.36.158 src-address a.b.c.105
     ADDRESS                                    STATUS

  20 209.131.36.158  539ms 521ms 533ms
  21 209.131.36.158  535ms 520ms 565ms

2. Try to traceroute to Yahoo using 192.168.1.1 as source, hoping that the SNAT works:
[admin@BINO] ip firewall nat> /tool trace 209.131.36.158 src-address 192.168.1.1

     ADDRESS                                    STATUS
   1 0.0.0.0         timeout timeout timeout
   2 0.0.0.0         timeout timeout timeout
   3 0.0.0.0         timeout timeout timeout
   4 0.0.0.0         timeout timeout timeout
   5 0.0.0.0         timeout timeout timeout
   6 0.0.0.0         timeout timeout timeout
   7 0.0.0.0         timeout timeout timeout
Looks like the SNAT is not working.

Any clue, everyone?

Regards
-bino-
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Mon Oct 02, 2006 9:00 am

Your nat rule should show counters increasing. If it's not, try to move it to the top of the srcnat chain.
Everyone has the right to life, liberty and security of person.
