We are a Hotspot provider operates in Brisbane and Melbourne using router boards and RADIUS server for authentication. When complying with Australian legislation we would like to know the best practices for Data Retention that Mikrotik are capable of. Does anyone have an idea?
Hi Mate, there’s a few ways around this.
Mike from Duxtel did some good work on a CGNAT style solution while I put through a feature request that resulted in MikroTik adding support for src-x-port, and src-x-address to the Netflow export.
This means that if you have a Netflow server setup to receive these flows you can record both the internal and translated address and port for a connection; fulfilling the government requirements.
Otherwise, I believe this is the CGNAT inplementation that can be used: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444
P.S. Feel free to reach out to me if you have more questions, I’m working in Brisbane for the next few weeks and then heading back to the US.