Dear MikroTik Community,
This is Kashif Khan.
I was using CGNAT rules at a ratio of almost 1:5 (i.e. 1 public IP : 5 private IPs).
I have a /24 pool of public IPs and almost 1250 private IPs allocated to users. For the last 3 to 4 months my clients have been complaining that the internet stops working for 5 to 6 seconds and then starts working again. I am not able to see anything on the MikroTik WAN and LAN interfaces; data is continuously passing in and out. I googled a lot and also asked here in the community how to fix it, and found that there are 2 possible causes for this issue (i.e. clients complaining for the last 3 to 4 months that the internet stops working for 5 to 6 seconds).
1. The first reason is a DNS issue: DNS stops working; Google's 8.8.8.8 and 8.8.4.4 might have some connection limit per IP.
2. The second reason is a CGNAT src-nat issue (as I understood it).
So, I tried changing the DNS to use Google's server as primary and my ISP's server as secondary.
Also, after some study, I changed CGNAT to NETMAP, and this time I used a ratio of 1:8, with my local/private IP pool /22 (2046 IPs) netmapped to the public IP pool of /24 (254 IPs):
8 TCP rules, 8 UDP pools and 1 masquerade rule, with each rule containing 8063 ports (instead of using 3810 rules in CGNAT).
(Here is my config list + attached picture.)
/ip firewall nat
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=1024-9087
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=9088-17151
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=17152-25215
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=25216-33279
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=33280-41343
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=41344-49407
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=49408-57471
add action=netmap chain=srcnat comment="TCP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=tcp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=57472-65535
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=1024-9087
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=9088-17151
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=17152-25215
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=25216-33279
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=33280-41343
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=41344-49407
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=49408-57471
add action=netmap chain=srcnat comment="UDP- NetMap- CGNAT Rule" \
out-interface-list=WAN protocol=udp src-address=100.64.0.0/21 \
to-addresses=X.Y.254.0/24 to-ports=57472-65535
add action=masquerade chain=srcnat comment=" WAN Masquarade Rule" \
out-interface-list=WAN src-address-list=Src-Add-List
THE PROBLEM:
I need suggestions from you experts to check this: only 2 rules are passing data and the other rules are not even used. My clients are not complaining to me, but is that OK? Will I need to use more ports for these 2 rules and block/disable the other rules, or are 8063 ports enough?
See the attached picture for reference.
I designed the netmap by studying this link as a reference:
https://mum.mikrotik.com/presentations/ ... 667160.pdf
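
Added example (not part of the original post, and not taken from the referenced presentation): a small Python model of the rule list above, showing which rules a connection can reach and how many private addresses land on the same public IP and port block. It assumes srcnat rules are evaluated top-down with the first match ending the search, and that netmap keeps the host bits of the source address (as the Linux NETMAP target does); 203.0.113.0/24 is a constructed stand-in for the redacted X.Y.254.0/24, and the per-/24 rule variant is hypothetical.

```python
import ipaddress
from collections import Counter

PRIVATE = ipaddress.ip_network("100.64.0.0/21")  # src-address from the posted rules
PUBLIC = ipaddress.ip_network("203.0.113.0/24")  # constructed stand-in for X.Y.254.0/24
# The eight to-ports ranges from the posted rules: 1024-9087, 9088-17151, ... 57472-65535
PORT_BLOCKS = [(1024 + i * 8064, 1024 + (i + 1) * 8064 - 1) for i in range(8)]

def rules_as_posted():
    """Eight rules per protocol, every one matching the whole /21 (as in the post)."""
    return [(proto, PRIVATE, block) for proto in ("tcp", "udp") for block in PORT_BLOCKS]

def rules_split_per_24():
    """Hypothetical variant: rule i matches only the i-th /24 inside the /21."""
    subnets = list(PRIVATE.subnets(new_prefix=24))
    return [(proto, subnets[i], PORT_BLOCKS[i]) for proto in ("tcp", "udp") for i in range(8)]

def netmap(src):
    """Assumed netmap behaviour: keep src's host bits, swap in PUBLIC's network bits."""
    host_bits = int(src) & int(PUBLIC.hostmask)
    return ipaddress.ip_address(int(PUBLIC.network_address) | host_bits)

def translate(rules, proto, src):
    """First matching rule wins; rules after it are never consulted."""
    for index, (rule_proto, rule_src, block) in enumerate(rules):
        if rule_proto == proto and src in rule_src:
            return index, netmap(src), block
    return None

def hit_counts(rules):
    """One TCP and one UDP connection from every private address; count hits per rule."""
    hits = Counter()
    for src in PRIVATE:
        for proto in ("tcp", "udp"):
            hits[translate(rules, proto, src)[0]] += 1
    return dict(sorted(hits.items()))

def sharers(rules, public_ip, block, proto="tcp"):
    """Private addresses that end up behind the same public IP and port block."""
    return [str(s) for s in PRIVATE if translate(rules, proto, s)[1:] == (public_ip, block)]

if __name__ == "__main__":
    ip = ipaddress.ip_address("203.0.113.10")
    print("as posted :", hit_counts(rules_as_posted()))
    print("split /24 :", hit_counts(rules_split_per_24()))
    print("as posted :", sharers(rules_as_posted(), ip, PORT_BLOCKS[0]))
    print("split /24 :", sharers(rules_split_per_24(), ip, PORT_BLOCKS[0]))
```

Under these assumptions the posted rule list sends every TCP flow through rule 0 and every UDP flow through rule 8, so eight subscribers share one public IP and one port block, and a log entry of public IP plus port cannot single out one of them.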