Community discussions

MikroTik App
 
davidon
just joined
Topic Author
Posts: 13
Joined: Wed Sep 28, 2022 10:03 pm

WAN Failover using src-nat - How to dynamic IP?

Sat Jan 28, 2023 1:16 am

There is a short tutorial which explains how to setup a failover:
https://wiki.mikrotik.com/wiki/Manual:F ... ll_marking

The tutorial has a step which defines the NAT configs, as follows:
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-address=10.1.101.18/24
add action=src-nat chain=srcnat out-interface=ether2 to-address=10.1.200.18/24
These NAT configs use hardcoded IP addresses in the "to-address" field.

But often WAN addresses are dynamic (they may be changed arbitrarily).

So how do I modify the command in the tutorial to be compatible with dynamic IP addresses?
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover using src-nat - How to dynamic IP?

Sat Jan 28, 2023 1:32 am

Use action "masquerade" instead of "src-nat". Masquerade will use the dynamic/changing IP address of the interface as SRC for NAT.
https://wiki.mikrotik.com/wiki/Manual:I ... Masquerade
 
davidon
just joined
Topic Author
Posts: 13
Joined: Wed Sep 28, 2022 10:03 pm

Re: WAN Failover using src-nat - How to dynamic IP?

Sat Jan 28, 2023 2:33 am

Use action "masquerade" instead of "src-nat". Masquerade will use the dynamic/changing IP address of the interface as SRC for NAT.
https://wiki.mikrotik.com/wiki/Manual:I ... Masquerade
The tutorial is intentionally using "src-nat" instead of "Masquerade" to avoid its disadvantages:
Instead of masquerade, we will use src-nat for our local networks, because we do not want to purge connections which is one of masquarades main features when a primary link fails. We will restrict them with a firewall rules (later in this example)
If I change the value of the "action" field as you wrote, then:
1. I assume that all of Masquerade disadvantages would be applied to my setup.
2. Would I still need to follow the tutorial with the rest of the commands?

------

I'd rather to avoid Masquerade, if there is some other technique possible in this case.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Re: WAN Failover using src-nat - How to dynamic IP?

Sat Jan 28, 2023 2:08 pm

Who is online

Users browsing this forum: baragoon, Bing [Bot], mtkvvv and 38 guests