How to set up NAT correctly?

H

HawK2016-10-05 22:15:14

System administration

HawK, 2016-10-05 22:15:14

Recently I noticed that in the default configuration MikroTik adds a rule to / ip firewall nat, in which out interface is specified as a parameter, looking towards the provider, the same settings are given in numerous manuals. When using several providers, it is more convenient to write masquerading for local src. address with one rule, without specifying out interface. Are there any differences in how these masquerading rules work? Why doesn't the default config create a masquerading rule for src. address=192.168.88.0/24, but a rule is created with out interface?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

Cool Admin, 2016-10-05
@HawK3D

Because in the case of using the range and all traffic from the range will be masked, which is not always required (for example, if there is any tunnel nearby, traffic to it from the local network can not be masked).
Similarly, if WiFi is a separate network or Vlan appears.
Yes, in general, there are many situations when the redundancy of the masking rule will play a cruel joke on ignorance.
Also, I note that the creation of at least two, at least ten, but specific narrow rules will not load (from the word almost nothing) the processor of the device, rather than one, but processing the entire traffic flow.