I've seen the following two threads which gave some insight, but I dont think they will acheive what I want.
http://community.ubnt.com/t5/EdgeMAX/NAT-with-multiple-public-IP-address-IP-nat-pool/td-p/411989
http://community.ubnt.com/t5/EdgeMAX/Edgerouter-POE-NAT-Pool-configuration/td-p/769604
I have an ERP8 with ETH7 connected to ISP and ETH0 connected to LAN
ISP provides a standard IP address which is assigned to ETH7, plus an additional routed /28
I've configured several 1:1 NAT entries using addresses from within the /28 leaving me a range of 6 addresses in the same subnet I wish to use as a pool.
The internal LAN comprises 2 subnets (Let's say 172.16.1.0 and 172.16.100.0)
I want to Masquerade 172.16.100.0/24 via eth7 and use the range of 6 addresses as a pool.
group {
network-group "natpoolclients" {
network 172.16.100.0/24 }
}
ethernet eth7 {
address y.y.y.y/30
address z.z.z.z/28
}
service nat
rule 5010 {
outbound interface eth7
outside address {
address z.z.z.1 - z.z.z.6
)
source {
group {
network-group natpoolclients
}
}
type source
if I try and add
set service nat rule 5011 type masquerade
then I get "cannot specify outside address with masquerade"
Will that acheive what I'm after ?