maddogslo
just joined
Topic Author
Posts: 6
Joined: Thu May 02, 2013 12:48 am

masquerade or src-nat to-addresses

Fri Feb 05, 2021 11:14 am

Hi,

I have a question about masquerade or src-nat usage.
I have a static IP address and my LAN is 192.168.5.0/24.

Can I use src-nat instead of masquerade?
Is masquerade needed if I use src-nat?

add action=src-nat chain=srcnat comment="default: lan -> wan" src-address=192.168.5.0/24 to-addresses=public.ip
or
add action=masquerade chain=srcnat out-interface-list=WAN

Thanks
 
16again
Frequent Visitor
Posts: 82
Joined: Fri Dec 29, 2017 12:23 pm

Re: masquerade or src-nat to-addresses

Mon Feb 08, 2021 12:20 am

masquerade is a special case of source-nat, which is handy if the WAN IP address can change and isn't known beforehand.

There are those who suggest using src-nat whenever you can:
https://mum.mikrotik.com/presentations/ ... 948376.pdf
 
maddogslo
just joined
Topic Author
Posts: 6
Joined: Thu May 02, 2013 12:48 am

Re: masquerade or src-nat to-addresses

Tue Feb 09, 2021 10:18 am

Ok, if I understand, it is better to use src-nat instead of masquerade if we can get a static WAN IP?
 
rgonzalez
just joined
Posts: 1
Joined: Sat May 13, 2017 5:21 pm

Re: masquerade or src-nat to-addresses

Wed Jan 19, 2022 7:14 am

Sorry, this might be a dumb question, but if I use src-nat to-address can I assign a /31 to it?
 
sindy
Forum Guru
Posts: 8814
Joined: Mon Dec 04, 2017 9:19 pm

Re: masquerade or src-nat to-addresses

Thu Jan 20, 2022 10:44 pm

The to-addresses can be any prefix (/32 which means a single address, /31 which means two addresses, /24 which means 256 addresses) or a range like 11.22.33.27-11.22.33.45. In either case, it specifies a pool from which a single new source address will be chosen for each connection. Does that answer your question?
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
nichky
Forum Veteran
Posts: 915
Joined: Tue Jun 23, 2015 2:35 pm

Re: masquerade or src-nat to-addresses

Thu Jan 20, 2022 11:41 pm

Usually we use masquerade in case you have a dynamic IP address.
If you have a static IP address, feel free to go with src-nat.
If both SSIDs are good quality signal, most modern devices choose 5GHz for the speed.
viewtopic.php?f=7&t=176537


!) Safe Mode is your friend;
 
anav
Forum Guru
Posts: 11754
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: masquerade or src-nat to-addresses

Fri Jan 21, 2022 12:37 am

Correct,
both options will work for fixed WANIP.
According to the WIKI the fixed WANIP has a more technically correct solution

However the format you chose is not the most obvious.

(1) Default rule on routers which is geared to cover both cases.......
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN


(2) Assuming one has a fixed WAN IP of 24.34.234.5, and a standard IP DHCP Client scenario on ether1 (or whatever name has been given to ether1)
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=24.34.234.5

Note: There is no need for any source nat address in the basic configuration schema for both types!
Note: If the WAN connection is more complex, then use the active name ex. if via PPPOE, then use the PPPOE name, vice ether1
Note: if the WAN connection is more complex, then use the active name ex. with a vlan or pppoe with a vlan, then use the vlan name, vice ether1
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
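The rule forms discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from MikroTik: a small Python reviewer for `add ...` lines from `/ip firewall nat` that reports how many addresses a `to-addresses` value covers (prefix, range or single address, as described above) and whether the rule is tied to an outgoing interface. The function names and the 203.0.113.10 sample address are assumptions made for illustration.

```python
import ipaddress
import shlex

def pool_size(spec):
    """Number of addresses a to-addresses value covers (prefix, range or single IP)."""
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p) for p in spec.split("-", 1))
        if last < first:
            raise ValueError(f"range end before start: {spec}")
        return int(last) - int(first) + 1
    return ipaddress.ip_network(spec, strict=False).num_addresses

def parse_rule(line):
    """Split one 'add key=value ...' line into a dict; quoted comments stay whole."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        raise ValueError("expected a line starting with 'add'")
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def review(line):
    """Return short notes describing what source address the rule will produce."""
    rule = parse_rule(line)
    notes = []
    action = rule.get("action")
    if action == "masquerade":
        notes.append("source address follows the outgoing interface")
    elif action == "src-nat":
        if "to-addresses" not in rule:
            notes.append("src-nat without to-addresses")
        else:
            n = pool_size(rule["to-addresses"])
            notes.append(f"pool of {n} address(es), one chosen per connection")
    if not ({"out-interface", "out-interface-list"} & rule.keys()):
        notes.append("not limited to a WAN interface")
    return notes

# Constructed sample: the three rule shapes from the thread, with a
# documentation address (203.0.113.10) standing in for "public.ip".
SAMPLE_RULES = [
    'add action=src-nat chain=srcnat comment="default: lan -> wan" '
    'src-address=192.168.5.0/24 to-addresses=203.0.113.10',
    'add action=masquerade chain=srcnat out-interface-list=WAN',
    'add action=src-nat chain=srcnat out-interface=ether1 to-addresses=24.34.234.5',
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(review(r), "<-", r)
```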
