
Configuration with a /28 WAN IP

Posted: Mon Sep 19, 2016 9:05 am
by Peque
Hi Forum.
I've got a MikroTik CCR1009, which is set up as the router in the company.
I'm a little in doubt here about where this little problem comes from and what the cause is.
My Public IP is 78.111.168.194/28
ISP Gateway 78.111.168.193 --> Network 78.111.168.192
----------------------------------------------------------------------------------
I've tried to set up a DMZ, which is actually working fine, but my outgoing masquerade IP is not the right one for some reason:
My local IP is 172.16.100.123 --> which in my thoughts should give me public IP 78.111.168.194 as my source IP
But when using myip.dk, it shows I'm coming from 78.111.168.201
 0    ;;; Natting Progressive Servers
      chain=srcnat action=src-nat to-addresses=10.208.66.0/23 src-address=172.16.100.0/23 dst-address=10.200.0.0/13 log=no log-prefix="vpn" 
 1    ;;; 78.111.168.194  Masquerade Outgoing
      chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=172.16.100.0/23 out-interface=WAN log=no log-prefix="" 
 2    ;;; 78.111.168.200  Masquerade Outgoing
      chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=192.168.100.10 dst-address=78.111.168.200 out-interface=WAN log=no log-prefix="" 
 3    chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=192.168.100.11 dst-address=78.111.168.200 out-interface=WAN log=no log-prefix="" 
 4    ;;; 78.111.168.200 SynologyNAS
      chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=25 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=25 log=no log-prefix="" 
 5    chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=445 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=445 log=no log-prefix="" 
 6    chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=5000 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=5000 log=no log-prefix="" 
 7    chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=5001 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=5001 log=no log-prefix="" 
 8    chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=6690 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=6690 log=no log-prefix="" 
 9    ;;; 78.111.168.200 License Server
      chain=dstnat action=dst-nat to-addresses=192.168.100.11 to-ports=6001 protocol=udp dst-address=78.111.168.200 in-interface=WAN dst-port=6001 log=no log-prefix="" 
10    chain=dstnat action=dst-nat to-addresses=192.168.100.11 to-ports=6002 protocol=udp dst-address=78.111.168.200 in-interface=WAN dst-port=6002 log=no log-prefix="" 
11    ;;; 78.111.168.201 Masquerade Outgoing ServiceNAS
      chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=192.168.100.20 dst-address=78.111.168.201 out-interface=WAN log=no log-prefix="" 
12    chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=445 protocol=tcp dst-address=78.111.168.201 in-interface=WAN dst-port=445 log=no log-prefix="" 
13    chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=5000 protocol=tcp dst-address=78.111.168.201 in-interface=WAN dst-port=5000 log=no log-prefix="" 
14    chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=5001 protocol=tcp dst-address=78.111.168.201 in-interface=WAN dst-port=5001 log=no log-prefix="" 
15    chain=dstnat action=dst-nat to-addresses=192.168.100.20 to-ports=6690 protocol=tcp dst-address=78.111.168.201 in-interface=WAN dst-port=6690 log=no log-prefix="" 
16    chain=srcnat action=masquerade src-address=172.16.110.0/24 out-interface=WAN log=no log-prefix="" 
17    chain=srcnat action=masquerade src-address=192.168.150.0/24 out-interface=WAN log=no log-prefix="" 
18    chain=srcnat action=masquerade src-address=172.16.120.0/24 out-interface=WAN log=no log-prefix="" 
19    chain=srcnat action=masquerade src-address=172.16.200.0/24 out-interface=WAN log=no log-prefix="" 
20    chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=WAN log=no log-prefix="" 
21 XI  chain=srcnat action=accept log=no log-prefix="" 
22    ;;; Progressive Incomming NAT
      chain=dstnat action=dst-nat to-addresses=172.16.100.20 src-address=10.200.0.0/13 dst-address=10.208.66.20 log=yes log-prefix="hosting" 
23    chain=dstnat action=dst-nat to-addresses=172.16.100.21 src-address=10.200.0.0/13 dst-address=10.208.66.21 log=yes log-prefix="hosting" 
24    chain=dstnat action=dst-nat to-addresses=172.16.100.21 src-address=10.200.0.0/13 dst-address=10.208.66.22 log=yes log-prefix="hosting" 
25    chain=dstnat action=dst-nat to-addresses=172.16.100.21 src-address=10.200.0.0/13 dst-address=10.208.66.25 log=yes log-prefix="hosting" 
26    chain=dstnat action=dst-nat to-addresses=172.16.100.21 src-address=10.200.0.0/13 dst-address=10.208.66.24 log=yes log-prefix="hosting" 
27    chain=dstnat action=dst-nat to-addresses=172.16.100.21 src-address=10.200.0.0/13 dst-address=10.208.66.23 log=yes log-prefix="hosting" 
28    chain=dstnat action=dst-nat to-addresses=172.16.100.26 src-address=10.200.0.0/13 dst-address=10.208.66.26 log=yes log-prefix="hosting" 
29    chain=dstnat action=dst-nat to-addresses=172.16.100.27 src-address=10.200.0.0/13 dst-address=10.208.66.27 log=yes log-prefix="hosting" 
30    chain=dstnat action=dst-nat to-addresses=172.16.100.0/23 src-address=10.200.0.0/13 dst-address=10.208.66.0/23 log=yes log-prefix="hosting" 
Can someone help me in the right way, since my outgoing IP for the normal LAN (172.16.100.0/23) should be XX.XX.XX.194 and not 201?
I've tried to move the rules around, but I keep getting 78.111.168.201 as the outgoing source IP.

Re: Configuration with a /28 WAN IP

Posted: Mon Sep 19, 2016 2:10 pm
by Sob
You mean this rule should do it for you?
 1    ;;; 78.111.168.194  Masquerade Outgoing
      chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=172.16.100.0/23 out-interface=WAN log=no log-prefix=""
There are two problems:
1) It has .194 address only in comment text, the rule has .200.
2) You can't specify to-addresses with action=masquerade. Masquerade picks an address automatically. It works great when there's only one address to pick, otherwise not so much.

What you want is to replace "action=masquerade to-addresses=78.111.168.200" with "action=src-nat to-addresses=78.111.168.194". And that goes also for your other masquerade rules.
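
Added example, not part of either post and not MikroTik's own tooling: a small Python check that reads NAT rules in the print layout shown above and flags the two problems named in the reply, plus plain masquerade rules on a WAN that carries several addresses. The names `parse_rules`, `lint` and `wan_has_multiple_addresses` and the corrected rule 31 are assumptions made for this example.

```python
import re
# Constructed sample in "/ip firewall nat print" layout: rules 1, 4 and 16 are
# copied from the post; rule 31 is a hypothetical corrected rule per the reply.
SAMPLE = """\
 1    ;;; 78.111.168.194  Masquerade Outgoing
      chain=srcnat action=masquerade to-addresses=78.111.168.200 src-address=172.16.100.0/23 out-interface=WAN log=no log-prefix=""
 4    ;;; 78.111.168.200 SynologyNAS
      chain=dstnat action=dst-nat to-addresses=192.168.100.10 to-ports=25 protocol=tcp dst-address=78.111.168.200 in-interface=WAN dst-port=25 log=no log-prefix=""
16    chain=srcnat action=masquerade src-address=172.16.110.0/24 out-interface=WAN log=no log-prefix=""
31    ;;; 78.111.168.194 Outgoing
      chain=srcnat action=src-nat to-addresses=78.111.168.194 src-address=172.16.100.0/23 out-interface=WAN log=no log-prefix=""
"""

RULE_START = re.compile(r"^\s*(\d+)\s+(?:[A-Z]+\s+)?(.*)$")  # number, optional flags, rest
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_rules(text):  # one dict per rule: number, comment, key=value properties
    rules = []
    for line in text.splitlines():
        m = RULE_START.match(line)
        if m:
            rules.append({"number": int(m.group(1)), "comment": "", "props": {}})
        elif not rules:
            continue
        body = m.group(2) if m else line.strip()
        if body.startswith(";;;"):
            rules[-1]["comment"] = body[3:].strip()
        else:  # values containing spaces are not handled; none occur in the sample
            rules[-1]["props"].update(kv.split("=", 1) for kv in body.split() if "=" in kv)
    return rules

def lint(rules, wan_has_multiple_addresses=True):  # checks srcnat rules only
    findings = []
    for r in rules:
        p, to = r["props"], r["props"].get("to-addresses")
        if p.get("chain") != "srcnat":
            continue
        if p.get("action") == "masquerade" and to:
            findings.append((r["number"], "to-addresses set on action=masquerade"))
        elif p.get("action") == "masquerade" and wan_has_multiple_addresses:
            findings.append((r["number"], "masquerade picks the address automatically"))
        commented = IPV4.findall(r["comment"])
        if to and commented and to not in commented:
            findings.append((r["number"], f"comment says {commented[0]}, rule has {to}"))
    return findings

if __name__ == "__main__":
    for number, problem in lint(parse_rules(SAMPLE)):
        print(f"rule {number}: {problem}")
```

Rule 4 is skipped because it is a dstnat rule, where the comment names the public address and to-addresses is the internal host by design.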