hello all,
is there any way to masquerade a nat blocked ip I mean ISP blocked nat . my isp has given me a ip which is
ip address :10.20.25.1/24
gateway :10.20.25.250 and i put this in my wan interface . my lan ip is 192.168.0.1/24 .
i can ping yahoo.com from my mikrotik terminal box. but when i share this connection .i cannot ping yahoo.com from my xp pc. but it ping to the isp gateway. any solution plz. I really need to share this connection. plz reply how to do it.

regards
ferdous

is there any way to masquerade a nat blocked ip

Perhaps but it depends on what you mean by 'blocked'?

i can ping yahoo.com from my mikrotik terminal box. but when i share this connection .i cannot ping yahoo.com from my xp pc. but it ping to the isp gateway

How exactly are you 'sharing' this connection? Post your config for us to look at.

wan ip : 10.20.25.1/24 (ISP has given me this ip)
gateway : 10.20.25.250
dns: 202.168.200.98
202.192.254.4

my lan ip : 192.168.0.1/24

/ip address add address=10.20.25.1/24 interface=wan
/ip dns 202.168.200.98
202.192.254.4

ip route add gateway= 10.20.25.250

/ip address add address= 192.168.0.1/24 interface=lan

/ip firewall nat add chain=srcnat src-address=192.168.0.1/24 action=masquerade
out-interface=wan

my windowsXP ip is : 192.168.0.2
subnet : 255.255.255.0
gateway : 192.168.0.1
dns : 202.168.200.98
202.192.254.4

but I cant browse or ping yahoo or google from Xp pc. plz hlp.

/ip firewall nat add chain=srcnat src-address=192.168.0.1/24 action=masquerade out-interface=wan

change to this try it and let us know.

/ip firewall nat add chain=srcnat src-address=192.168.0.1/24 action=masquerade in-interface=wan

Mikrotik shows this message when i put this command

Couldn't change NAT Rule <192.168.0.0/>- ingoing interface matching not possible in output and postrouting chains(6)

dont specify what interface is the in or out and it should work fine.

I tried this two rule. but no positive result. normal routing is blocked by isp.

1. /ip firewall nat add chain=srcnat src-address=192.168.0.1/24 action=masquerade

2. /ip firewall nat add chain=srcnat action=masquerade

I think isp blocked nat port or something like that.

regards
ferdous

Sounds like you may be blocked then. Perhaps you could take the router to a friend whose is using a different ISP and test your config. Also check the terms and conditions of your internet access because they may specifically deny sharing of the line.

check dns settings

if client is using router as dns server then you have to set allow-remote-request=yes

......help needed....

get rid of "src-address=192.168.0.1/24"

this should work Disable any other firewall filter/nat rules and try it without being bridged.

Not working . I tried this before it's useless. NAT BLOCKED BY ISP. Is there any other way to share this type of connection by mikrotik. Don't tell for webproxy or ip proxy. Is there any other rule, I mean ip tunnel or with bonding or with any other rule to share this nat blocked connection by mikrotik .

Is there any other way to share this type of connection by mikrotik. Don't tell for webproxy or ip proxy. Is there any other rule, I mean ip tunnel or with bonding or with any other rule to share this nat blocked connection by mikrotik .

Yup. Get a new ISP, although the one you have must have a pretty extreme reason for doing what they are doing. To limit a person to 1 machine these days is financial suicide for ISP's. They can keep an eye on users based on traffic, and limiting total connections is easy enough, so there really is no excuse for it these days.

jimbojones that means u dont know how to do share it. but it possible by mikrotik . bad news is i dont know how to do it . any mikrotik specialist can do it. may be he doesnt see my post............... somehow wan 80 port redirected to lan port , then its possible to share. help needed .............plz.

So basically, your looking for a way to bypass your ISP's firewall rules, with a Mikrotik solution? and i'll pretend I didn't hear your first comment.

Can you not just approach the ISP and talk to them nicely? Or are you trying to resell a service you shouldn't be reselling? Sorry if thats blunt, but thats what it sounds like to me.

Jimbo

Check the firewall manual, and you will find the answer how to overcome ISP's limitations. It's quite easy if you know how networking protocols work.

Or are you trying to resell a service you shouldn't be reselling? Sorry if thats blunt, but thats what it sounds like to me.

That is the problem of some ISP's, they think that everybody is trying to sell something. But in most cases users just want to set routers with wireless to connect their laptops, Iphones and other devices.

couldn't it be a ttl problem?..

no its not ttl problem . ................

but it seems like it is. please post here 'tracert google.com' result from your NATted machine and from directly connected one

THIS IS FROM NATED PC.

C:\Documents and Settings\ferdous>tracert www.google.com

Tracing route to www.l.google.com [209.85.137.104]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192-168-0-1
2 1 ms 1 ms 1 ms 10.20.25.250
3 2 ms 1 ms 1 ms 10.20.25.250
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

AND THIS IS FROM DIRECT PC.

C:\Documents and Settings\ferdous>tracert www.google.com

Tracing route to www.l.google.com [74.125.43.103]
over a maximum of 30 hops:


1 28 ms 39 ms 29 ms 10.20.25.250
2 17 ms 39 ms 29 ms 10.20.25.250
3 18 ms 30 ms 29 ms bpgw.smile.com.bd [113.238.54.2]
4 18 ms 39 ms 19 ms gw.smile.com.bd [113.30.201.8]
5 21 ms 39 ms 29 ms 123.49.0.73
6 37 ms 19 ms 49 ms 123.49.13.94
7 327 ms 329 ms 329 ms 203.208.191.177
8 337 ms 329 ms 339 ms ge-0-1-7-0.sngtp-dr2.ix.singtel.com [203.208.151
.181]
9 1919 ms 709 ms 319 ms 74.125.50.225
10 317 ms 296 ms 313 ms 209.85.243.158
11 316 ms 320 ms 314 ms 209.85.254.155
12 302 ms 294 ms 304 ms 209.85.255.59
13 313 ms 329 ms 329 ms 209.85.248.131
14 317 ms 309 ms 329 ms 72.14.233.117
15 310 ms 325 ms 299 ms 216.239.46.15
16 306 ms 299 ms 311 ms 209.85.248.181
17 319 ms 322 ms 317 ms 209.85.248.95
18 426 ms 321 ms 338 ms 209.85.248.218
19 1306 ms 740 ms 329 ms 64.233.174.55
20 336 ms 359 ms 359 ms 209.85.255.245
21 307 ms 324 ms 335 ms bw-in-f103.google.com [74.125.43.103]

Trace complete.
plz give me a solution.

Couple of questions;

1. Who is your ISP?
2. What internet package are you on?
3. URL of all this?
4. What version of RouterOS are you running?

Couple of questions;

1. Who is your ISP?
2. What internet package are you on?
3. URL of all this?
4. What version of RouterOS are you running?

ISP name is = smilebd online.
package name is= standard.
url= smile.com.bd
router version= 2.9.27 and a trial version of 2.9.51

anything else u wanna know.

you need to purchase a RouterOS license if you want anyone here to help you ...

P.S.: that webpage doesn't work

ok then i will purchase with in 1/2 days . Then u halp me plz.

they r small local ISP . may me for this reason their url doesn't work.but they r working with this. By the way whats the relation between their url and my natting problem.

Hi, a few days ago i bought hAP ac2, and I have the same problem. My ISP blocking NAT and allows only one MAC address to Internet connection (yes i changed MAC address on WAN interface)
I need this NAT this to use laptop and PC without changing MAC address every time on my devices. Can you help me?
Now i set the tunnel through wireguard and it works, but some pages don't not loading... But I want to use NAT and IP which gives me ISP

Hi, a few days ago i bought hAP ac2, and I have the same problem. My ISP blocking NAT and allows only one MAC address to Internet connection (yes i changed MAC address on WAN interface)
I need this NAT this to use laptop and PC without changing MAC address every time on my devices. Can you help me?
Now i set the tunnel through wireguard and it works, but some pages don't not loading... But I want to use NAT and IP which gives me ISP

SOLVED!
My ISP changes the TTL to 1 and packets forwarded by the router have TTL 0 so i need to increment TTL using prerouting mangle rule