Community discussions

MikroTik App
 
REDTDI
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Fri May 28, 2004 9:41 pm

Masquerading to specific IP address?

Tue Mar 11, 2008 1:04 pm

I need to map an entire /24 subnet to a specific single ip address on our router. How do I do this? Would netmap accomplish this?

/ ip firewall nat
add chain=srcnat out-interface=ether1 src-address=192.168.0.0/24 \
action=netmap to-addresses=10.0.0.1 to-ports=0-65535

Thanks,
Ken
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Masquerading to specific IP address?

Tue Mar 11, 2008 2:40 pm

I don't think netmap is the answer for you. That maps a range of IPs to a range of IPs. If I understand you correctly, you want to masquerade a local net as ether1.

/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

This "allows" your local net access to ether1, and to the outside world you look like the router's ether1 IP.
Last edited by SurferTim on Tue Mar 11, 2008 2:48 pm, edited 1 time in total.
 
REDTDI
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Fri May 28, 2004 9:41 pm

Re: Masquerading to specific IP address?

Tue Mar 11, 2008 2:45 pm

I would like to be able to specify which IP address the masquerade rule uses and this isn't possible with a normal masquerade rule.

Thanks,
Ken
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Masquerading to specific IP address?

Tue Mar 11, 2008 2:55 pm

How about this? This is supposed to "masquerade" the local net as 68.99.58.98. I haven't verified that this works.
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=src-nat to-addresses=68.99.58.98
 
REDTDI
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 56
Joined: Fri May 28, 2004 9:41 pm

Re: Masquerading to specific IP address?

Tue Mar 11, 2008 3:03 pm

Thanks, I'll give that a try.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Masquerading to specific IP address?

Tue Mar 11, 2008 3:09 pm

I feel unsure about the action tho. Somehow I feel that should be "masquerade" and not "src-nat". The docs say src-nat. My brain says masquerade.

EDIT: I just did a check. I use version 2.9.46, and it has a challenge with dns if you change any IP addresses after setting up the dns. I had to reset my MT box and start over.

This works if all is entered in the correct order:
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=xxx.xxx.xxx.xxx src-address=192.168.0.0/24

It must be done in this order on my box:

1 - All IP addresses for all interfaces
2 - gateway
3 - dns
4 - dhcp
5 - nat

To check for valid dns, try pinging a domain name:
/ping email.prolectron.net
If dns is corrupted, you will get a message like "invalid argument".

Who is online

Users browsing this forum: No registered users and 37 guests