Answer the question
In order to leave comments, you need to log in
How to set up NAT correctly?
Recently I noticed that in the default configuration MikroTik adds a rule to / ip firewall nat, in which out interface is specified as a parameter, looking towards the provider, the same settings are given in numerous manuals. When using several providers, it is more convenient to write masquerading for local src. address with one rule, without specifying out interface. Are there any differences in how these masquerading rules work? Why doesn't the default config create a masquerading rule for src. address=192.168.88.0/24, but a rule is created with out interface?
Answer the question
In order to leave comments, you need to log in
Because in the case of using the range and all traffic from the range will be masked, which is not always required (for example, if there is any tunnel nearby, traffic to it from the local network can not be masked).
Similarly, if WiFi is a separate network or Vlan appears.
Yes, in general, there are many situations when the redundancy of the masking rule will play a cruel joke on ignorance.
Also, I note that the creation of at least two, at least ten, but specific narrow rules will not load (from the word almost nothing) the processor of the device, rather than one, but processing the entire traffic flow.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question