Community discussions

MikroTik App
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

NAT / Masquerade question...

Mon Apr 05, 2010 2:13 am

Hello,

I have an RB750 running RouterOS 4.6 and I have a question regarding Masquerading a couple of networks...

My current setup is as follows:

Image

I have a PPPoE connection to my ISP with a public address as my end point (illustrated as 253.12.13.14/32 in my example).

There is a set of public addresses routed via the MikroTik (the 252.1.2.0/28 network) and two separate private office networks.

The public network routes correctly to the internet and the two private networks can route to one another, and can access the internet via NAT, masquerading behind the PPPoE endpoint address.

Simply for accountability purposes, instead of the two networks emerging as the PPPoE endpoint address, I'd like to assign an address within the 252.1.2.0/28 for each of the masquerade sessions, however I can't find a way to do this as the masquerade instructions appear to require an out-interface:

/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ISPpppoe src-address=172.17.72.0/24
/ip firewall nat add action=masquerade chain=srcnat disabled=no out-interface=ISPpppoe src-address=172.17.73.0/24

If anyone has any idea as to how to approach this, i'd be most grateful if they could share them :-)

Cheers,
Harry
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

Re: NAT / Masquerade question...

Thu Apr 08, 2010 7:34 pm

Well, the lack of responses here kind of mirrors my own attempts to get this to work: it would appear nigh on impossible to do what I've illustrated above. Is this so or am I missing something vital?

Cheers,
Harry
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: NAT / Masquerade question...

Fri Apr 09, 2010 10:38 am

to be clear masquerade rule does not require anything else but chain. So you set up chain and action.

If you want to make sure that addresses that are in Office A are src-natted with one address, but Office-B with other, then you have to make explicit action=src-nat and to what source address what connections to NAT.

masquerade is only shorter way to tell router what to do.

it would be helpful to check out basic networking and how NAT works in the manual.
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

Re: NAT / Masquerade question...

Wed Apr 28, 2010 6:27 pm

Cheers - I'll give that a go :-)

Thanks,
Harry
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

Re: NAT / Masquerade question...

Wed May 05, 2010 1:07 am

masquerade is only shorter way to tell router what to do.
Many thanks for the pointer - all working now :-) Had it in my head the two were discrete functions rather than one being a shortcut to the other...

Cheers,
Harry

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], seriosha and 75 guests