Cold Lake, AB
reply to viperm

Re: Masquerading / natting a single IP or subnet

I have done this with MikroTik.

Add a srcnat rule before your main masquerade rule if used.

In the MikroTik it is:

chain=srcnat action=src-nat to-addresses=[Public IP]
out-interface=[WAN Interface]

In my case, the IP address list is populated with selected IP addresses from different subnets (towers). I also have 1-1 NAT for selected IPs (appears before group NAT), as well as the last rule, which does masquerade to a separate public IP for everyone else not listed in the first rules.

It all works perfect!

Carpe Diem
Winchester, CA

Okay, cool, I think I see it now. You said different subnets from different towers? Are you just bridged to those other towers or fully routed? If routed, how are you set up to pass those different IPs? Static routes on your core router or OSPF on all of them?

I have one Tik now but am putting another one at the main tower and had planned on using OSPF on those two Tiks.

I have my public IPs on the WAN port of my main Tik. I can't put them inside of my network as I don't have a /30 from my upstream to route them over. I have a /29 of IPs, that's it, so I have to keep them on the WAN port until my other provider is up and running. Then I will have a /24 of public and a /30 for transport of those IPs, and then I can have the /24 broken up and routable from within my network, i.e. multiple subnets of that /24 on different towers.
ComTrain Certified Tower Climber.
Wireless and IT consultant.
Proficient in Mikrotik


Cold Lake, AB

The towers are routed (without NAT) and I am still using static routes. The internal IPs are available on the LAN side of the core router. I have a /30 and a /28 and just do 1-1 NAT to provide public IPs and have no issues.


reply to viperm

When my /24 ran out I started doing this. I just added the new private network(s) to OSPF and the routes propagated through. The privates are routed all the way back to the core. Then I just added a src-nat rule to the core router. On each tower router, I just added another IP pool so when the publics run out on a particular tower, they get a private IP instead. Good temporary fix till I get more IPs.

add action=src-nat chain=srcnat comment="NAT Customers with Non Public addresses" disabled=no out-interface="Public - ether05" src-address= to-addresses="Public IP of your choice"

By the way, nice tower site (in the other thread) :)
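
The rule ordering described in this thread (1-1 NAT first, then group src-nat for an address list, then a catch-all for everyone else), written out as an added RouterOS example that is not part of any post. All addresses, the list name `group-nat` and the interface name `ether1-wan` are constructed placeholders, and the public addresses are assumed to be configured on the WAN interface.

```routeros
# Constructed example. 203.0.113.0/29 stands in for the public block,
# 10.0.0.0/8 for the routed tower subnets. NAT rules are evaluated top to
# bottom and the first match wins, so specific rules go above the catch-all.

/ip firewall address-list
add list=group-nat address=10.10.1.25 comment="customer on tower 1"
add list=group-nat address=10.20.3.40 comment="customer on tower 2"
add list=group-nat address=10.30.0.0/28 comment="small block on tower 3"

/ip firewall nat
# 1. 1-1 NAT for a selected host, inbound and outbound halves.
#    The dst-nat half makes 10.10.1.10 reachable from the internet; which
#    ports actually get through is decided by the forward chain filter.
add chain=dstnat action=dst-nat in-interface=ether1-wan \
    dst-address=203.0.113.2 to-addresses=10.10.1.10 comment="1-1 in"
add chain=srcnat action=src-nat out-interface=ether1-wan \
    src-address=10.10.1.10 to-addresses=203.0.113.2 comment="1-1 out"

# 2. Group NAT: every address in the list shares one public IP.
add chain=srcnat action=src-nat out-interface=ether1-wan \
    src-address-list=group-nat to-addresses=203.0.113.3 comment="group NAT"

# 3. Catch-all for everyone not matched above. action=masquerade takes its
#    address from the outgoing interface, so a fixed separate public IP is
#    written here as src-nat with to-addresses (an assumption about intent).
add chain=srcnat action=src-nat out-interface=ether1-wan \
    src-address=10.0.0.0/8 to-addresses=203.0.113.4 comment="default NAT"

# Check the resulting order and per-rule counters. A specific rule whose
# counters stay at zero is being shadowed by a broader rule above it.
/ip firewall nat print stats where chain=srcnat
```

If a catch-all rule already exists, new specific rules can be added with `place-before=` so they land above it.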