NAT is NOT needed to go from 44 addresses to the internet using 44-net
addresses.
You need to create proper routes and rules to direct any traffic
originating from a 44 address to any routable IPs (except those for
which you have direct tunnels - which happens by default if the routes
are in the same routing table) to be sent via the ampr-gw.
And if you want incoming traffic initiated from public IPs as well, you
need to add proper settings to forward it to the proper 44-net hosts
and, VERY IMPORTANT, to ensure the replies go out the same way they got
in (via ampr-gw).
But there is a discussion about the fact if this is really needed and if
there could be another solution which reduces the load on the ampr-gw.
If you access a public internet site, it actually does not matter too
much if you access it using your public gateway address or your 44
address. Google and Youtube don't care about that. And the same goes for
99.99% of internet hosts.
So in my opinion the best approach would be to send only traffic with 44
origin and 44 destination not in other routes via ampr-gw, to preserve
your original 44 IP.
All the rest should be NAT-ed to your public gateway IP, not your
gateway's 44 net, in order to circumvent the whole 44net completely.
This will give you better speed, better response times and will ease the
work of the ampr gateway.
So, to wrap up:
- to your routing table holding all tunnel routes, add a route like
<your subnet> to 44.0.0.0/0 via ampr-gw
- to your routing table holding all tunnel routes, add a route like
<your subnet> to 0.0.0.0/0 via your WAN (doing NAT)
To allow incoming connections (only if you really need to - you're
exposing your hosts!!!):
- mark incoming new connections from ampr-gw with a connection mark
- mark connections originating from your local 44 hosts having the
previous connection mark with a routing mark corresponding to a routing
table having its default route via ampr-gw
Marius, YO2LOJ
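The wrap-up above, rendered as Linux iproute2/iptables commands. This is an added example, not the poster's own configuration (the post does not name a platform): the local subnet, ampr-gw endpoint, WAN gateway, interface names, table numbers and mark value are placeholder assumptions, and 44.0.0.0/8 is used for the 44 block where the post writes 44.0.0.0/0.

```shell
#!/bin/sh
# Added example: policy routing so that 44->44 traffic keeps its 44 source
# and goes via ampr-gw, everything else is masqueraded out the WAN, and
# flows initiated from public IPs via ampr-gw are answered via ampr-gw.
# All values below are placeholder assumptions; adjust before use.
LOCAL44="${LOCAL44:-44.0.0.0/24}"   # placeholder for <your subnet>
NET44="44.0.0.0/8"                  # the 44 block (the post writes /0)
AMPRGW="${AMPRGW:-192.0.2.1}"       # placeholder: ampr-gw tunnel endpoint
WANGW="${WANGW:-198.51.100.1}"      # placeholder: WAN next hop
TUN="${TUN:-tunl0}"                 # ipip tunnel interface
WAN="${WAN:-eth0}"                  # interface carrying the public IP
T_TUN=44                            # table holding all tunnel routes
T_GW=45                             # table whose only route is default via ampr-gw
MARK=0x44                           # connection/routing mark for ampr-gw-initiated flows
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the commands, 0 = execute (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

outbound_policy() {
  # Direct-tunnel routes already in T_TUN are more specific than /8, so they
  # keep winning; only the remainder of 44 goes via ampr-gw, and the rest of
  # the internet leaves via the WAN with the public IP as source.
  run ip route add "$NET44" via "$AMPRGW" dev "$TUN" onlink table "$T_TUN"
  run ip route add default via "$WANGW" dev "$WAN" table "$T_TUN"
  run ip rule add from "$LOCAL44" lookup "$T_TUN" pref 100
  run iptables -t nat -A POSTROUTING -s "$LOCAL44" ! -d "$NET44" -o "$WAN" -j MASQUERADE
}

inbound_policy() {
  # Only needed when hosts are exposed. New flows arriving from ampr-gw with
  # a public (non-44) source get a connection mark; replies from local 44
  # hosts inherit it as a routing mark and are sent back through ampr-gw
  # instead of following the WAN default route.
  run iptables -t mangle -A PREROUTING -i "$TUN" ! -s "$NET44" \
      -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
  run iptables -t mangle -A PREROUTING -s "$LOCAL44" \
      -m connmark --mark "$MARK" -j MARK --set-mark "$MARK"
  run ip route add default via "$AMPRGW" dev "$TUN" onlink table "$T_GW"
  run ip rule add fwmark "$MARK" lookup "$T_GW" pref 90
  # Packets from ampr-gw carry public source addresses whose reverse route
  # points at the WAN, so strict rp_filter on the tunnel would drop them.
  run sysctl -w "net.ipv4.conf.$TUN.rp_filter=2"
}

apply_policy_routing() { outbound_policy; inbound_policy; }
```

With DRY_RUN=1 (the default) the functions only print the commands they would run, so the plan can be reviewed before applying it as root with DRY_RUN=0.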
On 2016-10-05 02:00, Leon Zetekoff wrote:
(Please trim inclusions from previous messages)
_______________________________________________
If you want to go to the internet from 44net you need to NAT. You
should also have a firewall to deal with those issues as well.
Also you want to NAT if you go from a non-routable to 44net.
leon
On 10/4/2016 6:52 PM, Tom Hayward wrote:
On Tue, Oct 4, 2016 at 3:16 PM, Leon Zetekoff
<wa4zlw(a)backwoodswireless.net> wrote:
make sure any internet bound traffic is NATted
(masquerade it)
Why? What's the point of 44net if you NAT?
Tom
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net