Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 6:00 pm
by zaherhamiyah
Hi,

i have for example 199.10.1.224/22 (not my public ip). I want to srcnat all customers using all public ips from the same ISP in the example. If doable.

Please no need for more setup explanations. The question is so simple. If anyone has an idea....I am all ears.


Best Regards.

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 7:57 pm
by sindy
No explanations (except that 199.10.1.224/22 is not a valid range of addresses so I use 199.10.224.0/22 instead).
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=199.10.224.1-199.10.227.254 out-interface=your-wan-interface-name

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 8:25 pm
by zaherhamiyah
> No explanations (except that 199.10.1.224/22 is not a valid range of addresses so I use 199.10.224.0/22 instead).
> /ip firewall nat
> add chain=srcnat action=src-nat to-addresses=199.10.224.1-199.10.227.254 out-interface=your-wan-interface-name

:). Of course I gave it as an example without checking if it is valid or not.

Thanks Sindy. I will check your solution.

Best Regards.

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 8:29 pm
by zaherhamiyah
> No explanations (except that 199.10.1.224/22 is not a valid range of addresses so I use 199.10.224.0/22 instead).
> /ip firewall nat
> add chain=srcnat action=src-nat to-addresses=199.10.224.1-199.10.227.254 out-interface=your-wan-interface-name

Hello Sindy,

Are you sure MikroTik will use the whole public IP address range in a round-robin way?

Thanks.

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 8:46 pm
by sindy
> are you sure, Mikrotik will use all public ip address range in a round-robin way?

I'm not, try it.
If it doesn't, you can enforce it the following way:
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=199.10.224.9 nth=5,1 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.10 nth=5,2 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.11 nth=5,3 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.12 nth=5,4 out-interface=your-wan-interface-name
add chain=srcnat action=src-nat to-addresses=199.10.224.13 nth=5,5 out-interface=your-wan-interface-name
This would be if you have a subnet 199.10.224.8/29 and the gateway is 199.10.224.14.

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 8:50 pm
by chechito
maybe using the option same on action of NAT rule

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 9:12 pm
by sindy
> maybe using the option same on action of NAT rule

action=same does the reverse, it attempts to assign the same IP address from the pool to all requests coming from the same internal address. But this happened even with normal action=src-nat when I've tried a couple of weeks ago, so I didn't really understand the purpose of same.

Re: Again, how to use all public IPs i have.

Posted: Tue May 01, 2018 11:40 pm
by zaherhamiyah
Hello,

same.........does not help for this purpose.

I am afraid of an asymmetric routing problem here.
Also, will MikroTik keep tracking all connections from both directions between each public IP and its own related (translated) internal IP?

Just quick questions came to my mind....

I will check for a few days to see the results.

The nth method is for load balancing....I have to check it also for this purpose here.

P.S. The easiest solution, will be to use a script that changes each hour for example the srcnatted public ip.

Thanks.

Re: Again, how to use all public IPs i have.  [SOLVED]

Posted: Wed May 02, 2018 12:12 am
by sindy
> I am afraid of asymmetric routing problem here.

???

> Also will Mikrotik keep tracking all connections from both directions between each public ip and its own related (translated) internal ip.

Yes, this works automatically, NAT is a property of connection tracking, so no worry here.

> The nth method is for load balancing....I have to check it also for this purpose here.

That does not mean that it would not work here. The nat table is only passed by packets with connection-state=new. The only issue is that the way I've quickly put them they wouldn't distribute the traffic among the addresses evenly because there is no passthrough=yes option in nat table, so you would have to order them, top to bottom, nth=5,1; nth=4,1; nth=3,1; nth=2,1; no nth matcher.

> The easiest solution, will be to use a script that changes each hour for example the srcnatted public ip.

It would work but I cannot see the sense if you would rotate the addresses that slowly. Normally you use several src-nat addresses to have a larger pool of ephemeral TCP ports. Plus you'd brush the disk :-)
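
The rule ordering discussed in the post above, as a small simulation (an added example, not code from the thread or from MikroTik). It assumes each nth rule keeps its own counter that advances only for new connections reaching that rule, and that the first matching srcnat rule wins; the rule tables and the `simulate` helper are constructed for illustration.

```python
from collections import Counter

# Constructed rule sets: (to-address, nth "every", nth "packet").
# every=None stands for a rule with no nth matcher (matches everything).
AS_POSTED = [("199.10.224.%d" % (9 + i), 5, i + 1) for i in range(5)]
CASCADED = [
    ("199.10.224.9", 5, 1),
    ("199.10.224.10", 4, 1),
    ("199.10.224.11", 3, 1),
    ("199.10.224.12", 2, 1),
    ("199.10.224.13", None, None),
]


def simulate(rules, new_connections):
    """Walk each new connection down the srcnat chain; first match wins."""
    counters = [0] * len(rules)  # assumption: one private nth counter per rule
    hits = Counter()
    for _ in range(new_connections):
        for idx, (addr, every, packet) in enumerate(rules):
            if every is None:
                hits[addr] += 1
                break
            # Counter runs 1..every and wraps; only connections that
            # reach this rule (no earlier match) advance it.
            counters[idx] = counters[idx] % every + 1
            if counters[idx] == packet:
                hits[addr] += 1
                break
        else:
            # No rule in this set matched the connection.
            hits["unmatched"] += 1
    return hits


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("cascaded", CASCADED)):
        print(name, dict(simulate(rules, 3125)))
```

Under these assumptions the five nth=5,x rules take shrinking shares (1/5, 4/25, 16/125, ...) and leave about a third of new connections matching none of them, while the 5,1 / 4,1 / 3,1 / 2,1 / no-nth cascade gives each address exactly one fifth.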

Re: Again, how to use all public IPs i have.

Posted: Wed May 02, 2018 12:15 am
by networkfudge
If you have enough addresses to assign to all customers then the cleanest solution would be to set up a pppoe server. Then each customer will have their own ip and if you use a radius server you will have good stats/accounting

Re: Again, how to use all public IPs i have.

Posted: Wed May 02, 2018 8:23 am
by zaherhamiyah
> The easiest solution, will be to use a script that changes each hour for example the srcnatted public ip.

Forget about this statement, it is not related to the main goal of this thread. :)


Best Regards