Sounds interesting Mike, thanks for the effort!

Regards
Paul

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest
Sent: Wednesday, 3 February 2016 12:46 PM
To: 'MikroTik Australia Public List'
Subject: [MT-AU Public] CGNAT implementation with routerOS

Hi all,

I thought members of this list may be interested in the results of some discussions that I have been having over the last few weeks with the tech team at MT regarding CGNAT implementations and RFC7422.

In reaction to these discussions, Janis M and Maris have put together an article on the subject here:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444

Two important points coming out of this discussion are:

1) src-nat table does not have major impact on CPU resource since only the first packet of the connection parses this table, therefore it is OK to have very large numbers of rules with no need for partitioning via multiple jump rules

2) a script published by Maris and Janis offers an effective way to build CGNAT rules with flexible definitions of src-port grouping

When we started talking about this, I was asking for a feature to make a CGNAT rule like that using just one entry, and although I still think that such a feature enhancement would be particularly valuable, this scripted result achieves pretty much exactly what I was asking for ;)

THANK YOU Maris and Janis M :-)

Cheers, Mike.
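
Added example, not part of the e-mails above and not the script by Maris and Janis: a Python sketch of deterministic port-block CGNAT in the spirit of RFC7422, which builds one src-nat rule per subscriber and protocol and then maps an observed public IP and port back to the inside address without per-connection logs. The address pools, block size and function names are assumptions chosen for illustration.

```python
import ipaddress

def build_mappings(inside_net, public_ips, ports_per_sub, first_port=1024):
    """Deterministically assign each inside host a (public IP, port block)."""
    blocks_per_ip = (65536 - first_port) // ports_per_sub
    hosts = list(ipaddress.ip_network(inside_net).hosts())
    if len(hosts) > blocks_per_ip * len(public_ips):
        raise ValueError("public pool too small for this port block size")
    table = []
    for i, inside in enumerate(hosts):
        pub = ipaddress.ip_address(public_ips[i // blocks_per_ip])
        lo = first_port + (i % blocks_per_ip) * ports_per_sub
        table.append((inside, pub, lo, lo + ports_per_sub - 1))
    return table

def routeros_rules(table):
    """Render one src-nat rule per subscriber and protocol (flat, no jumps)."""
    for inside, pub, lo, hi in table:
        for proto in ("tcp", "udp"):
            yield ("/ip firewall nat add chain=srcnat action=src-nat "
                   f"protocol={proto} src-address={inside} "
                   f"to-addresses={pub} to-ports={lo}-{hi}")

def attribute(table, public_ip, port):
    """Abuse handling: public ip:port seen by a remote site -> inside address."""
    pub = ipaddress.ip_address(public_ip)
    for inside, p, lo, hi in table:
        if p == pub and lo <= port <= hi:
            return str(inside)
    return None  # port lies outside every assigned block

# Constructed sample: six subscribers from 100.64.0.0/29 (RFC 6598 space)
# share two documentation-range public addresses, 16128 ports each.
TABLE = build_mappings("100.64.0.0/29", ["203.0.113.1", "203.0.113.2"], 16128)

if __name__ == "__main__":
    for rule in routeros_rules(TABLE):
        print(rule)
    print(attribute(TABLE, "203.0.113.2", 20000))
```

Because the mapping is a pure function of the pool definitions, the rule set has to be kept under version control with dates: attribution of an old abuse report is only correct against the table that was live at that time.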