question i have a x86 box acting as a radius server
now with masquerade

what the best to set it up add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.64
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.65
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.66
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.67
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.68
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.69
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.70
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
10.0.0.71


for each pppoe ip address or just on the out interface of the router connection

Just do on out interface, unless you of cause have time spare to put each user on his own. Just kidding, will work fine on out interface.

so i would do this

1)/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1

or

2)/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no

as 2 will masquerade local trafic

i have this setup

server------------ap-----------client


ap bridged
client is in wds mode

and client has masquerade like number 2
and server has masquerade like number 2
so is it best to change them to number 1
what would be the diffrence
if i impliment 1 and 2

im just trying to find out the diffrence and trying to get a better understanding on what masquerade does exactly

you do this:

1) /ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=wlan1

if your outgoing interface is wlan1

also notice, that you dont have to maquarade networks you control, just masquerade your traffic that goes to your upstream provider if you are using local addresses.

(internet) --- (border router) --- (server) --- (ap) --- (clients)

usually masquerade is done on border router.

so i have no need to do it on clients board if the client has no firewall settings?

as i have the rule on all my ap clients and server

no, while you control what route goes where you can simple manage with routing. In internet, of course, nobody will recognise local addresses and most probably will drop packets, so you have to masquerade.

SO WHAT THE BET WAY TO ROUTE EVERYTHING TO THE SERVER AND MANAGE FROM THET AS I HAVE A BRIGED TYPE NETWORK?

it has nothing to do with bridge or routed internal network - as long as it is your internal one, you should choose one that fits your needs.

so lets say i have a 411ah

3 interfaces


ether1
wlan1
pppoe-out1

that connects out interface wlan1

so do i set wlan as my internet out interface or pppoe as my out interface to masqurade?

Hello,

If you need PPPoE client to connect to the Internet - PPPoE client is your out interface.

best regards