I got problem...
I just install mikrotik @ my pc, 2 NIC, Public and Local. I got multiple Public IP on it and single Local IP. I want to share internet connection with my client, and locate different public ip fo each client.
the problem is.. i cant do SNAT but if I use MASQUERADE its working fine...
So wheres the problem is? I use mikrotik 2.8.26.
Thanks a lot.
[/b]
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
Hum its like this...You need to post some more information.
Regards
Andrew
i got mutiply ip ex. 64.65.66.210-64.65.66.222/28 on ether1
gateway 64.65.66.209
and i got local ip ex.192.168.0.1/32 on ether2
on my pcrouter with mikrotik...
my local ip connected to switch with another pc client ex. 192.168.0.2/32 192.168.0.3/32 and more...
i want to share internet connection to my local client, but because i had multiple public ip i want to specify which local ip go throught which ip public, like
192.168.0.2/32 to 64.65.66.211
192.168.0.3/32 to 64.65.66.212
...
like that,
so i use command like :
add src-address=192.168.0.2/32 out-interface=ether1 action=nat to-src-address=64.65.66.211
looks fine, but it wont work, my client cant connect to the internet.
but if i change action to MASQUERADE it working.
So where is the problem, somebody help me please...
Thank you so much.
Best Regards.
-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
My src-nat rule for my LAN:
I'm natting for a class C but it works the same for a single IP address as well. Looks like you're missing the 'to-ports' bit.
Do you have connection tracking turned on?
Regards
Andrew
Code: Select all
chain=srcnat out-interface=Internet src-address=192.168.1.0/24 action=src-nat to-addresses=x.x.x.x to-ports=0-65535Do you have connection tracking turned on?
Regards
Andrew
add chain=srcnat out-interface=PublicInterface src-address=192.168.0.2/32 action=src-nat to-addresses=64.65.66.211 to-ports=0-65535
I have noticed by your post that you use version 2.8.x
Check if it's latest 2.8, I mean is it stable...
I hope you didn't post your real addresses
If yes, my advice is not to do that anymore.
Cheers..
I have noticed by your post that you use version 2.8.x
Check if it's latest 2.8, I mean is it stable...
I hope you didn't post your real addresses
If yes, my advice is not to do that anymore.
Cheers..
We have had some issues in the past with version 2.8.26 when the firewall is being used. This version is fine for bridges (or ap-bridges) but have stability issues with nat and firewall. Upgrade to 2.8.28 and see if this helps. 2.8.28 has been stable for us with NAT. We'll probably continue to use 2.8.28 until they fix some firewall issues in 2.9 
Hmmm...i just try to insert ports but its not working too... connection tracking turned onMy src-nat rule for my LAN:
I'm natting for a class C but it works the same for a single IP address as well. Looks like you're missing the 'to-ports' bit.Code: Select allchain=srcnat out-interface=Internet src-address=192.168.1.0/24 action=src-nat to-addresses=x.x.x.x to-ports=0-65535
Do you have connection tracking turned on?
Regards
Andrew
Btw... of course its not my real ip
Another suggestion? i really need this
my network over traffic...-
-
andrewluck
Forum Veteran
- Posts: 700
- Joined:
- Location: Norfolk, UK
From the manual:
Regards
Andrew
Check the syntax of your source nat rule as what I gave you was for 2.9. I can't remember as far back as 2.8. Especially, check that you're specifying the type of nat that you require.masquerade is a special form of source NAT without need to specify to-addresses - outgoing interface address is used automatically
Regards
Andrew