Josh, if you have a few minutes to actually log in and see for yourself,
I can hit you off list with a user/pass/ip and you can take a look at it
for yourself. There is no srcnat rule, or dstnat rule for that matter,
that should be affecting the public IP block. Not trying to be
argumentative, especially since you are trying to help, but I've looked
several times and there is nothing there.
Christopher Tyler
Total Wireless Communications, LLC
On 09/26/2010 12:46 AM, Josh Luthman wrote:
Masquerade is srcnat'ing it.
The problem is that the public are too, right? If so then some nat rule is
doing it.
On Sep 26, 2010 1:33 AM, "Jeromie Reeves"<[email protected]> wrote:
On Sat, Sep 25, 2010 at 10:05 PM, Christopher Tyler<[email protected]> wrote:
We have another network but with an ImageStream and it's set up essentially
the same way. /30 on the WAN, and a /24 and a /25 on the LAN side. All
working properly. Based on what I had set up in it, I was pretty sure that
I had it all correct in the MikroTik as well, after all, routing is routing.
From what you are all asking/telling me, I think I'm right. This issue is
not with my configuration in the MikroTik, it's something else.
This is the only srcnat rule and it's the first rule as well, there are a
few dstnat rules on there to redirect old no longer existing DNS servers,
and a redirect for non-payment, but that is all, and they are all tied to
specific ports.
/ip firewall nat export
add action=masquerade chain=srcnat comment="Default NAT Rule (PRIVATE IP)" \
    disabled=no out-interface=WAN src-address=!xxx.xxx.xxx.0/22
src-address will be the IP range you want to NAT. In this case, it
will be everything not matching x.x.x.0/22. to-address is the address
you want it to look like it comes from. You have no to-address, so it
automatically picks the IP on your out-interface. Add a
to-address=x.x.x.x to change the address it comes from. If looking to
do 1:1 add the block
So as far as you all can tell, I have it set up correctly. This should be
working properly (other than the private IPs which I know how to fix now).
Is there a possibility that this is something that our upstream is doing in
their Cisco? If so, is there something that I can ask them to change to
make the public IPs report properly?
Christopher Tyler
Total Wireless Communications, LLC
On 09/25/2010 08:44 PM, Jeromie Reeves wrote:
Another NAT rule, or the one you have is triggering on them too.
What does this look like, /ip firewall nat export
On Sat, Sep 25, 2010 at 6:36 PM, Christopher Tyler<[email protected]> wrote:
Ahh.... That makes sense for the private IPs, and I'll have to set that up.
But why would the publics, which should not even be touched by NAT, be
showing up as our /30 instead of the actual IP address?
Christopher Tyler
Total Wireless Communications, LLC
On 09/25/2010 11:55 AM, Jeromie Reeves wrote:
You need a to-address on there, or it will assume the IP on the WAN port.
On Sat, Sep 25, 2010 at 9:39 AM, Christopher Tyler<[email protected]> wrote:
Sorry about that, my mistake. I typed <private> in the email and it should
have been <public>. Only the private IPs are being masqueraded, not the
public, and that was always the case.
The rule is "!<public>" not "!<private>" as in not the _public_ IP block.
This is what I should have written in the email:
/ip firewall nat
add action=masquerade chain=srcnat \
disabled=no out-interface=WAN src-address=!xxx.xxx.0.0/22
Where xxx is our _public_ IP block.
Christopher Tyler
Total Wireless Communications, LLC
On 09/25/2010 01:33 AM, Josh Luthman wrote:
Masquerade the private addresses, not the public.
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
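Added example, not part of the original thread: a small Python check that parses `/ip firewall nat export` text and reports which srcnat rule, if any, would match a given source address, including the `!` negation discussed above. The export text, the 198.51.100.0/22 block and the function names are constructed for illustration; only the chain, disabled, out-interface and src-address matchers are modelled.

```python
import ipaddress
import shlex

# Constructed sample in the shape of "/ip firewall nat export" output; the
# 198.51.100.0/22 block stands in for the redacted public block (assumption).
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat comment="Default NAT Rule (PRIVATE IP)" \
    disabled=no out-interface=WAN src-address=!198.51.100.0/22
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
'''

def parse_rules(export_text):
    """Join backslash-continued lines and return each 'add' line as a dict."""
    joined = export_text.replace("\\\n", " ")
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def src_matches(rule, src_ip):
    """Apply the src-address matcher, honouring a leading '!' negation."""
    spec = rule.get("src-address")
    if spec is None:
        return True  # no matcher: every source address matches
    negate = spec.startswith("!")
    inside = ipaddress.ip_address(src_ip) in ipaddress.ip_network(spec.lstrip("!"))
    return inside != negate

def first_srcnat_match(rules, src_ip, out_interface):
    """Return the first enabled srcnat rule that would translate this packet."""
    for rule in rules:
        if rule.get("chain") != "srcnat" or rule.get("disabled") == "yes":
            continue
        if rule.get("out-interface", out_interface) != out_interface:
            continue
        if src_matches(rule, src_ip):
            return rule
    return None
```

A result of `None` for an address inside the public block means no srcnat rule in the export accounts for the rewrite, which is the case the thread is trying to establish.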