Hi;

i'm trying to do a source nat for a TOS number or connection or packet but the nat is not working ;

if anyone can help me to do a src nat for a TOS number or packet or connection byte .


Thanks.

Can you post an example of what you are trying to do? When you say:

i'm trying to do a source nat for a TOS number or connection or packet

Are you suggesting that anyone of those three things can be the means to identify the traffic to be NAT'd?

From the host, through the router, and out to the Internet, what are you trying to accomplish?

Hi;

ip firwamle mangle postroute tcp dst port 443 connection bytes:500000-0 action:change DSCP(TOS) New TOS:30

ip firwale nat srnat DSP(TOS) :30 action :src-nat to addresses:141.105.81.45

I'm in the same rb 110ah*2 trying to do this natting :

1- In the Mangle this Packet and bytes are counting but in the nat nothing is happen.Is this mean this mean i can't nat the TOS number ?

Regards;

I tried it without the connection bytes and this worked:

Hi;

Trying to do this natting with layer 7:


Code:
/ip firewall mangle
add action=change-dscp chain=postrouting layer 7 protocol=googlevideo.com new-dscp=30 passthrough=no protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dscp=30 out-interface=ether1


Also not workin, if you have any solution for this problem ?




Best Regards;

I'm not really sure why you are trying to do this However, you are trying to combine too many things at once. Don't try to use the Layer 7 and the DSCP at the same time. Use one and then limit the results with another rule. That will make troubleshooting much easier

Hi;

My goal is to do a NAT for layer 7 or tcp connection byte .

EX:
ip firewall nat
add action=masquerade chain=srcnat disabled=yes Layer 7=video.google out-interface=ether1

Is This Possible ?

Best Regards;

Yes, it is, but you might have to "mark" the Layer 7 first. For example, use the layer 7 matcher to set a packet mark in Mangle and then use the NAT rule to NAT everything with that packet mark.