Community discussions

MikroTik App
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

masquerade or src-nat to-addresses ??

Wed Oct 11, 2006 3:30 am

What is the difference between :

;;; masquerade network
chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=masquerade

and

chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=src-nat to-addresses=xx.xx.xx.xx to-ports=0-65535

??
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed Oct 11, 2006 10:44 am

Masquerade is a special form of SRC-NAT, you are not able to specify 'to-addresses' outgoing interface address is used automatically.
Action=src-nat you need to specify outgoing 'src-address' for the packets.
 
User avatar
Mitak
newbie
Posts: 42
Joined: Wed Jun 07, 2006 10:12 am
Location: Bulgaria
Contact:

another example...

Wed Oct 11, 2006 12:34 pm

And another example - if you have two /or more/ private networks, and want to src-nat them to different src-address:
chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=src-nat to-addresses=xx.xx.xx.xx to-ports=0-65535 

chain=srcnat out-interface=internet src-address=192.168.2.0/24
action=src-nat to-addresses=yy.yy.yy.yy to-ports=0-65535 
With masquerade yo can do this, but only if xx.xx.xx.xx and yy.yy.yy.yy addresses are assigned to different interfaces, like this:
chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=masquerade 
chain=srcnat out-interface=internet1 src-address=192.168.2.0/24
action=masquerade 
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 617
Joined: Sat Nov 26, 2005 10:52 pm

Re: another example...

Thu Oct 12, 2006 12:03 am

And another example - if you have two /or more/ private networks, and want to src-nat them to different src-address:
chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=src-nat to-addresses=xx.xx.xx.xx to-ports=0-65535 

chain=srcnat out-interface=internet src-address=192.168.2.0/24
action=src-nat to-addresses=yy.yy.yy.yy to-ports=0-65535 

in your example it means i have 2 private networks and 2 public addresses ..
if i have more than 1 public IP and 1 private network ,can i seperate my private addresses like 192.168.1.100-150 src-nat to 1 public , and from 151-200 to another public ?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Thu Oct 12, 2006 8:49 am

yes, it is possible with SRC-NAT, one group will use one public address as SRC-address for outgoing connections, second group will use another public address.
 
User avatar
Mitak
newbie
Posts: 42
Joined: Wed Jun 07, 2006 10:12 am
Location: Bulgaria
Contact:

Re: another example...

Thu Oct 12, 2006 9:32 am

And another example - if you have two /or more/ private networks, and want to src-nat them to different src-address:
chain=srcnat out-interface=internet src-address=192.168.1.0/24
action=src-nat to-addresses=xx.xx.xx.xx to-ports=0-65535 

chain=srcnat out-interface=internet src-address=192.168.2.0/24
action=src-nat to-addresses=yy.yy.yy.yy to-ports=0-65535 

in your example it means i have 2 private networks and 2 public addresses ..
if i have more than 1 public IP and 1 private network ,can i seperate my private addresses like 192.168.1.100-150 src-nat to 1 public , and from 151-200 to another public ?
Yes, for exampe: you have a network 192.168.0.0/25
And separate it to: 192.168.0.0/26 and 192.168.0.64/26

1st public address is: 1.2.3.4, 2nd: 5.6.7.8
chain=srcnat out-interface=internet src-address=192.168.0.0/26
action=src-nat to-addresses=1.2.3.4 to-ports=0-65535 

chain=srcnat out-interface=internet* src-address=192.168.0.64/26
action=src-nat to-addresses=5.6.7.8 to-ports=0-65535 

* - if your second IP Address is assigned to different interface, just use it`s name here.
 
rakis1985
just joined
Posts: 4
Joined: Sat Aug 06, 2016 5:59 pm

Re: masquerade or src-nat to-addresses ??

Sat Aug 06, 2016 6:42 pm

Hello dear all,
what i need to do?
I have a routerboard 750g (5 ethernet ports)
My ISP gave me 2 IPs (48.48.48.0/30), a peering network (47.47.47.0/29) for speciphic reasons, and i want to use a private network (10.10.0.0/24)
Router IP(48.48.48.2), gateway(48.48.48.1)
ether1 assigned 48.48.48.2, create a static route for gateway, ether2 assigned ip address (10.10.0.1/24) + a dhcp server, ether3 + ether4 are slaves to ether2, ether5 assigned (47.47.47.1/29).
If the peering network is routed directly from ISP (means that i haven't to do NAT for that address space, right?) then what i have to do to NAT only the private network?

note: I have tried to NAT with masquarade action ( chain=srcnat out-interface=ether1 action=masquerade ) but then both subnets where NATed. I have tried to NAT with src-address option, but then nothing worked... ( chain=srcnat out-interface=ether1 src-address=10.10.0.0/24 action=masquarade)

Thank you!!
 
Sob
Forum Guru
Forum Guru
Posts: 5483
Joined: Mon Apr 20, 2009 9:11 pm

Re: masquerade or src-nat to-addresses ??

Sun Aug 07, 2016 1:27 am

Grave digger achievement unlocked, congratulations! That was ten years old post you replied to...

Anyway, what you describe should have worked. Unless you have more than one address assigned to ether1. You can also try to specify address manually:
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 src-address=10.10.0.0/24 \
    to-addresses=48.48.48.2
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
mjsabri
Trainer
Trainer
Posts: 109
Joined: Sat Dec 12, 2015 10:55 am

Re: masquerade or src-nat to-addresses ??

Sun Aug 07, 2016 7:10 am

hello
in src-nat you should set to-address parameter in action but in masquerade you do not need set it and it is Automatically
Mikrotik Certified Consultant
[ MTCNA , MTCRE , MTCWE , MTCTCE , MTCUME , MTCINE ]

Who is online

Users browsing this forum: gecko1, Majestic-12 [Bot], msatter, olgale and 112 guests