Let routerOS create it for you. Create a hotspot with the wizard in 10.x network. Next next next next next. And disable the hotspot. The nat rule will be there 😂.
The rule you and chupaka posted works ok also. Martín Ruiz Director técnico 902 909 858 - 669379521 www.ibersystems.es > El 04/07/2015, a las 04:16, "D. Ryan Spott" <rsp...@ngc457.com> escribió: > > Duurrrrrr.... > > So the IP addresses I have been referencing are false ones to protect the > innocent.. I used Chupaka's first rules but neglected to translate them into > the real IP addresses. > > They did work. All appears to be well. Call me embarrassed! > > Thanks to Chupaka. > > ryan > > >> On 7/3/15 7:02 PM, Chupaka wrote: >> So, 216.168.46.0/24 is masqueraded and 209.90.234.1/28 is NOT masqueraded >> by the rule with "src-address=10.0.1.0/24"? Isn't that a kind of magic?.. >> >> Have you tried the rules from my first answer? >> >> -- >> Подпись: >> (добавляется в конце всех исходящих писем) >> >> 2015-07-04 4:44 GMT+03:00 D. Ryan Spott <rsp...@ngc457.com>: >> >>> That is correct. It is disabled. When this is enabled then >>> 216.168.46.0/24 and 10.0.1.0/24 are BOTH masqueraded via 209.90.234.1. >>> >>> The behavior I want is: >>> 10.0.1.0/24 to masquerade via 209.90.234.1. >>> 216.168.46.0/24 to simply route as usual. >>> >>> ryan >>> >>> >>>> On 7/3/15 6:34 PM, Chupaka wrote: >>>> >>>> "disabled=yes" huh?.. >>>> 4 Июл 2015 г. 2:04 пользователь "D. Ryan Spott" <rsp...@ngc457.com> >>>> написал: >>>> >>>>> This might help: >>>>> >>>>> A diagram >>>>> >>>>> >>>>> >>>>> The export of the config: >>>>> >>>>> ... >>>>> >>>>> /interface bridge port >>>>> add bridge=LAN interface=ether2 >>>>> add bridge=LAN interface=ether3 >>>>> add bridge=LAN interface=ether4 >>>>> add bridge=WAN interface=ether1 >>>>> >>>>> /ip address >>>>> add address=209.90.234.1/28 interface=WAN network=209.90.234.0 >>>>> add address=216.168.46.1/28 interface=LAN network=216.168.46.0 >>>>> add address=10.0.1.1/28 interface=LAN network=10.0.1.0 >>>>> >>>>> ... >>>>> >>>>> /ip firewall nat >>>>> add action=masquerade chain=srcnat disabled=yes out-interface=WAN \ >>>>> src-address=10.0.1.0/24 >>>>> /ip route >>>>> >>>>> No DHCP server, no hotspot, no crazy firewall filters. >>>>> >>>>> >>>>> ryan >>>>> >>>>>> On 7/3/15 2:05 PM, Scott Lambert wrote: >>>>>> >>>>>> That rule is not natting your 216.168.46.0/24 <http://216.168.46.0/24> >>>>> traffic, barring a major bug in RouterOS. Something else may be, but not >>>> that rule as shown here. >>>> >>>>>> "/ip firewall nat export" and show the command you typed all the way >>>>> through the next command prompt. >>>>> Also let us know your RouterOS version. >>>>>> On July 3, 2015 11:49:33 AM CDT, "D. Ryan Spott" <rsp...@ngc457.com> >>>>> wrote: >>>>> I have the following network: >>>>>> <internet>-<router>-<ISP Network> >>>>>> >>>>>> The router has a WAN IP of 209.90.234.1/28 >>>>>> The router has a LAN IP of 216.168.46.0/24 >>>>>> The router has a LAN IP of 10.0.1.0/24 >>>>>> >>>>>> When I enable this: >>>>>> /ip firewall nat >>>>>> add action=masquerade chain=srcnat out-interface=WAN >>>>>> src-address=10.0.1.0/24 >>>>>> >>>>>> The result is ALL of the LAN clients 10. and 216. are all >>>>>> masqueraded to 209.90.234.1. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> How can I limit the masquerade to the 10.0.1.0/24 network ONLY and >>>>>> let the 216.168.46.0 addresses do the normal internet routing >>>>>> thing? >>>>>> >>>>>> It is something obvious. Need more coffee.. or Scotch. >>>>>> >>>>>> >>>>>> ryan >>>>>> >>>>>> -- D. Ryan Spott | NGC457, llc >>>>>> broadband | telco | colo | communities >>>>>> PO Box 1734 Sultan, WA 98294 >>>>>> 425-939-0047 >>>> ------------------------------------------------------------------------ >>>> >>>>> Mikrotik-users mailing list >>>>>> mikrotik-us...@wispa.org >>>>>> http://lists.wispa.org/mailman/listinfo/mikrotik-users >>>>>> >>>>>> -- Sent from my Android device with K-9 Mail. Please excuse my brevity. >>>>> -- >>>>> D. Ryan Spott | NGC457, llc >>>>> broadband | telco | colo | communities >>>>> PO Box 1734 Sultan, WA 98294 >>>>> 425-939-0047 >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: < >>>> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.html >>>> >>>>> -------------- next part -------------- >>>>> A non-text attachment was scrubbed... >>>>> Name: iccdibgf.png >>>>> Type: image/png >>>>> Size: 78948 bytes >>>>> Desc: not available >>>>> URL: < >>>> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150703/34e9a2ed/attachment.png >>>> >>>>> _______________________________________________ >>>>> Mikrotik mailing list >>>>> Mikrotik@mail.butchevans.com >>>>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>>>> >>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>> RouterOS >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: < >>>> http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/6b03656e/attachment.html >>>> _______________________________________________ >>>> Mikrotik mailing list >>>> Mikrotik@mail.butchevans.com >>>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>>> >>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>> RouterOS >>> >>> -- >>> D. Ryan Spott | NGC457, llc >>> broadband | telco | colo | communities >>> PO Box 1734 Sultan, WA 98294 >>> 425-939-0047 >>> >>> _______________________________________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://mail.butchevans.com/mailman/listinfo/mikrotik >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: >> <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150704/41ab7b99/attachment.html> >> _______________________________________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://mail.butchevans.com/mailman/listinfo/mikrotik >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS > > > -- > D. Ryan Spott | NGC457, llc > broadband | telco | colo | communities > PO Box 1734 Sultan, WA 98294 > 425-939-0047 > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
