Duurrrrrr....
So the IP addresses I have been referencing are false ones to protect
the innocent.. I used Chupaka's first rules but neglected to translate
them into the real IP addresses.
They did work. All appears to be well. Call me embarrassed!
Thanks to Chupaka.
ryan
On 7/3/15 7:02 PM, Chupaka wrote:
So, 216.168.46.0/24 is masqueraded and 209.90.234.1/28 is NOT masqueraded
by the rule with "src-address=10.0.1.0/24"? Isn't that a kind of magic?..
Have you tried the rules from my first answer?
--
Подпись:
(добавляется в конце всех исходящих писем)
2015-07-04 4:44 GMT+03:00 D. Ryan Spott <rsp...@ngc457.com>:
That is correct. It is disabled. When this is enabled then
216.168.46.0/24 and 10.0.1.0/24 are BOTH masqueraded via 209.90.234.1.
The behavior I want is:
10.0.1.0/24 to masquerade via 209.90.234.1.
216.168.46.0/24 to simply route as usual.
ryan
On 7/3/15 6:34 PM, Chupaka wrote:
"disabled=yes" huh?..
4 Июл 2015 г. 2:04 пользователь "D. Ryan Spott" <rsp...@ngc457.com>
написал:
This might help:
A diagram
The export of the config:
...
/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
add bridge=LAN interface=ether4
add bridge=WAN interface=ether1
/ip address
add address=209.90.234.1/28 interface=WAN network=209.90.234.0
add address=216.168.46.1/28 interface=LAN network=216.168.46.0
add address=10.0.1.1/28 interface=LAN network=10.0.1.0
...
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=WAN \
src-address=10.0.1.0/24
/ip route
No DHCP server, no hotspot, no crazy firewall filters.
ryan
On 7/3/15 2:05 PM, Scott Lambert wrote:
That rule is not natting your 216.168.46.0/24 <http://216.168.46.0/24>
traffic, barring a major bug in RouterOS. Something else may be, but not
that rule as shown here.
"/ip firewall nat export" and show the command you typed all the way
through the next command prompt.
Also let us know your RouterOS version.
On July 3, 2015 11:49:33 AM CDT, "D. Ryan Spott" <rsp...@ngc457.com>
wrote:
I have the following network:
<internet>-<router>-<ISP Network>
The router has a WAN IP of 209.90.234.1/28
The router has a LAN IP of 216.168.46.0/24
The router has a LAN IP of 10.0.1.0/24
When I enable this:
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
src-address=10.0.1.0/24
The result is ALL of the LAN clients 10. and 216. are all
masqueraded to 209.90.234.1.
How can I limit the masquerade to the 10.0.1.0/24 network ONLY and
let the 216.168.46.0 addresses do the normal internet routing
thing?
It is something obvious. Need more coffee.. or Scotch.
ryan
-- D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047
------------------------------------------------------------------------
Mikrotik-users mailing list
mikrotik-us...@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iccdibgf.png
Type: image/png
Size: 78948 bytes
Desc: not available
URL: <
http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.png
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/6b03656e/attachment.html
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
--
D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/41ab7b99/attachment.html>
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
--
D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS