On all my MK routers, no matter what version of the software I use, the masquerade rules are not working correctly.
I have a few public IP addresses on, say, ethernet1, some NAT'ed through to specific customers and one main masq address.
All the public IP addresses would be in the same /24 subnet.
The masq rule is simply: any traffic from 192.168.0.0/24 exiting ether1, masq.
The masq seems to choose any one of the public addresses on the interface and not the one I have set as the pref-src in the routing table for the default route.
The address it chooses comes up on the dynamic route automatically entered for the public subnet in question as the pref-src.
Example:
IP Address Table:
1.2.3.1/24 ether1 (Wan) (This would be the address I wish to Masq say 100 customers out of)
1.2.3.2/24 ether1 (Wan) (this would be an address assigned to one customer through a NAT)
1.2.3.3/24 ether1 (Wan) (this would be an address assigned to one customer through a NAT)
192.168.0.1/24 ether2 (Lan) (This would be the gateway for all the customers behind the router)
IP Firewall NAT Table:
0 chain=srcnat action=src-nat to-addresses=1.2.3.2 to-ports=0-65535 src-address=192.168.0.50 (customer 1's src-nat)
1 chain=dstnat action=dst-nat to-addresses=192.168.0.50 to-ports=0-65535 dst-address=1.2.3.2 (customer 1's dst-nat)
2 chain=srcnat action=src-nat to-addresses=1.2.3.3 to-ports=0-65535 src-address=192.168.0.55 (customer 2's src-nat)
3 chain=dstnat action=dst-nat to-addresses=192.168.0.55 to-ports=0-65535 dst-address=1.2.3.3 (customer 2's dst-nat)
4 chain=srcnat action=masquerade out-interface=ether1 src-address=192.168.0.0/24 (rest of customers to masq through this)
IP Route Table:
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 1.2.3.1 r 1.2.3.254 1 ether1 (Wan) (this is the default route with the pref-src set to the address I want to masq through)
1 ADC 1.2.3.0/24 1.2.3.3 0 ether1 (Wan) (This is the dynamic route entered by MK with an address in the public range of its choosing as the pref-src)
2 ADC 192.168.0.0/24 192.168.0.1 0 ether2 (Lan) (this is the dynamic route entered by MK for the private range)
As you can see, I have multiple public IP addresses on the Wan interface and one address on the Lan.
If you look at the routing table, I have set the pref-src for the default route to 1.2.3.1, but on the dynamic route entered by MK when I stick a new address in a new range on, it has chosen a random address within the public IP allocation for that subnet as the pref-src. Because this is a dynamic route I cannot alter the address it has chosen. This chosen pref-src is the address the customers seem to be masqing out of.
I have found that if I disable the address it has chosen, it will automatically choose another random address from the range, but I see no way of telling the router to specifically masq out one particular address.
The results of this mean that if I have an address allocated to one customer and the router happens to choose this address to masq out re the dynamic route, then all customers masq'ing through the router hit the internet on the same public allocation assigned to that specific customer.
Probably something obvious, any help much appreciated!!
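The srcnat behaviour described in the post, modelled as an added example (not part of the original post and not RouterOS code): it evaluates the rules first-match and reports when the masqueraded pool leaves on an address reserved for a single customer. The rule and route values are constructed from the post's tables; `PINNED_RULES` is an assumed variant that swaps the masquerade rule for the same `src-nat` action the post already uses for its customer rules, so the egress address is stated explicitly.

```python
import ipaddress

# Constructed from the NAT and route tables in the post (srcnat chain, in rule order).
NAT_RULES = [
    {"action": "src-nat", "src": "192.168.0.50/32", "to": "1.2.3.2"},
    {"action": "src-nat", "src": "192.168.0.55/32", "to": "1.2.3.3"},
    {"action": "masquerade", "src": "192.168.0.0/24", "out": "ether1"},
]
# Assumed variant: the catch-all rule names its address instead of masquerading.
PINNED_RULES = NAT_RULES[:2] + [
    {"action": "src-nat", "src": "192.168.0.0/24", "to": "1.2.3.1"},
]
# pref-src of the dynamic connected route on each interface, as listed in the post.
CONNECTED_PREF_SRC = {"ether1": "1.2.3.3"}


def egress_address(host, rules, pref_src):
    """Return the public address a LAN host leaves on (first matching rule wins)."""
    ip = ipaddress.ip_address(host)
    for rule in rules:
        if ip in ipaddress.ip_network(rule["src"]):
            if rule["action"] == "src-nat":
                return rule["to"]
            # masquerade: the rule names no address; per the post's observation
            # it follows the connected route's pref-src on the out-interface.
            return pref_src[rule["out"]]
    return None


def shared_dedicated_addresses(rules, pref_src):
    """Addresses reserved by a single-host src-nat rule that masquerade also uses."""
    dedicated = {r["to"] for r in rules if r["action"] == "src-nat"
                 and ipaddress.ip_network(r["src"]).prefixlen == 32}
    masq = {pref_src[r["out"]] for r in rules if r["action"] == "masquerade"}
    return sorted(dedicated & masq)


if __name__ == "__main__":
    for name, rules in (("as posted", NAT_RULES), ("pinned", PINNED_RULES)):
        print(name, "pool host ->",
              egress_address("192.168.0.77", rules, CONNECTED_PREF_SRC),
              "| shared dedicated:",
              shared_dedicated_addresses(rules, CONNECTED_PREF_SRC))
```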