Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2019-02-25 11:24:26
Computer networks
Alexander, 2019-02-25 11:24:26

How to set up Masquerading in Mikrotik?

Good afternoon. Such a question - there are 5 who look at the world and 50 clients. It was planned so that 5 addresses would be evenly distributed among clients. The original attempt was to do something like this:

ip address add address=192.168.8.2 interface=ether1
ip address add address=192.168.8.3 interface=ether1
ip address add address=192.168.8.4 interface=ether1
ip address add address=192.168.8.5 interface=ether1

ip firewall nat add action=masquerade src-address=172.19.123.0/24 out-interface=eth1 chain=srcnat

But if I started to look at which address the entire download was going on, then I saw that everything was going to 8.2.
I tried to make a rule with a masquerade for each address of the 172.19.123.0/24 subnet (of course, turned off the rule above) 8.2.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry, 2019-02-25
@stinger0

It is necessary to use not a masquerade, but the snat rule.
The task can be divided into three stages .
Stage 1, divide into five groups established connections according to the criterion source address (You have only four external addresses, so the example will be for four, also the network 172.19.123.0/24 is not can be private, but the owner is the master and in the example left as indicated by you)
Stage 2 Mark the connection from each group with the appropriate label
Stage 3 pass the group traffic through the corresponding source nat rules according to the assigned label
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=1st_conn \
per-connection-classifier=src-address:4/0 src-address=172.19.123.0/24
add action=mark-connection chain=prerouting new-connection-mark=2st_conn \
per-connection-classifier=src-address:4/1 src-address=172.19.123.0/24
add action=mark-connection chain=prerouting new- connection-mark=3st_conn \
per-connection-classifier=src-address:4/2 src-address=172.19.123.0/24
add action=mark-connection chain=prerouting new-connection-mark=4st_conn \
per-connection-classifier =src-address:4/3 src-address=172.19.123.0/24
/ip firewall nat
add action=src-nat chain=srcnat connection-mark=1st_conn out-interface=ether1 \
to-addresses=192.168.8.2
add action =src-nat chain=srcnat connection-mark=2st_conn out-interface=ether1 \
to-addresses=192.168.8.3
add action=src-nat chain=srcnat connection-mark=3st_conn out-interface=ether1 \
to-addresses=192.168.8.4
add action=src-nat chain=srcnat connection-mark=5st_conn out-interface=ether1 \
to-addresses =192.168.8.5
there must be no other masquerade rules higher than these

Similar questions
A
alexnem2020-09-26 09:46:45
Big time using a new laptop? 5Reply
A
Alexander Sukharev2014-01-22 18:36:34
How are online prototyping services like moqups.com, uxpin.com, hotgloo.com created? 2Reply
T
tanokni2014-01-22 21:42:09
Which Linux distribution to choose for a novice web developer? 10Reply
S
shamanovski2016-04-07 18:08:17
What visitor data is collected by websites? Can a website tell if a visitor is using VMWare? 1Reply
A
Arch1e_off2020-08-06 21:27:04
Is it possible to connect both the router and the PC to the switch? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question