Noticed on one of my core routers today that I can see connections to and from IP ranges on my customer's private LAN.
They are behind a public IP using masquerade though, as I assumed that I would only see connections coming to and from the address that I have assigned them.
I happen to maintain the customer's network so naturally I have a MikroTik there, so I know that they are definitely using NAT.
Post a network diagram together with the output of "/ip address print detail", "/ip route print detail", and "/ip firewall export" from both routers, as well as a screenshot or copy/paste of the section of the connection table the question relates to. Please wrap all output in tags.
A quick guess is that you have invalid connections. Invalid connections - for example - are packets that don't belong to a connection the router watched being established. NAT only happens on the first packet of a connection and then gets repeated for all subsequent packets in a connection. If a packet doesn't belong to a connection it won't run through NAT and you will see the real IP address on upstream routers as that is how it was received by them. A simple fix - if that is the issue - is to drop all packets with a connection-state of "invalid" in the IP firewall filter on the CPE.
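An added example of what the CPE-side fix described above could look like in RouterOS terms (this is not configuration from the original thread; the WAN interface name ether1 and the comments are assumptions). The log rule is a temporary check that lets you confirm invalid packets are actually what leaks past masquerade before you rely on the drop:

```routeros
# Filter rules for traffic forwarded between the customer LAN and the upstream.
# Order matters: accept tracked traffic first, then log and drop anything
# conntrack never saw established (connection-state=invalid), which is exactly
# the traffic that skips srcnat and shows up upstream with private source IPs.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="Assumed example: tracked traffic, already NATed on first packet"
add chain=forward connection-state=invalid action=log log-prefix="FWD-INVALID" \
    comment="Assumed example: temporary, remove once the leak is confirmed"
add chain=forward connection-state=invalid action=drop \
    comment="Assumed example: drop untracked packets before they leave unNATed"

# Source NAT stays as before; it only ever sees the first packet of a tracked
# connection, so dropping invalid packets in filter is what closes the gap.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="Assumed example: ether1 is the customer's upstream interface"
```

Watch the log (/log print where message~"FWD-INVALID") for entries carrying LAN source addresses; once the core router stops showing private ranges, disable or remove the log rule and keep the drop.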