IP address of a request from the outside world

Hi everybody,

we have a Mikrotik router, several servers and offices behind it. Clients make requests to servers from the outside world and also from our offices on the same subnet. The router uses two interfaces (external with 5 IPs from our ISP, internal - 192.168.0.1). Our servers and computers in offices have IP addresses 192.168.0.xxx. There is a dst-nat for requests to our servers and src-nat for communication the other way. (Almost) Everything is working fine.

But we have one extremely annoying problem - all requests from the outside world (and from our offices when using domain names) have request IP address 192.168.0.1. That makes spam filtering half-working and Apache access log statistics completely useless. Is there a way to solve this while keeping the situation that our servers are set to internal IP addresses and Mikrotik handles the port and IP address rewriting (some kind of more “transparent” IP rewrite than dst-nat I guess)?

Thanks very much.

I have the same problem, were you able to fix this?

Your masquerade and nat rules are wrong

  chain=dstnat action=netmap to-addresses=internal_server_ip to-ports=443 protocol=tcp dst-address=external_wan_ip dst-port=443 log=no log-prefix=""

  chain=srcnat action=masquerade src-address=internal_server_ip out-interface=ether2_wan log=no log-prefix=""

what’s wrong with these?

Are you sure you don’t have anything else in srcnat chain?

Netmap rewrites the src address. You want dst-nat instead.

chain=dstnat action=dst-nat to-addresses=internal_server_ip to-ports=443 protocol=tcp dst-address=external_wan_ip dst-port=443 log=no log-prefix=""
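
An added example, not from any poster in this thread: a Python check that reads NAT rules in the key=value form shown above and flags srcnat rules that are not limited to the WAN side, a common reason servers log the router's address (192.168.0.1 here) instead of the client's. The sample rules, the addresses and `bridge_lan` are constructed placeholders; only `ether2_wan` comes from the thread.

```python
import shlex

# Constructed sample rules in the key=value form used in the thread. Only
# ether2_wan is taken from the thread; addresses and bridge_lan are placeholders.
SAMPLE_RULES = [
    'chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=443 '
    'protocol=tcp dst-address=203.0.113.5 dst-port=443 log=no log-prefix=""',
    'chain=srcnat action=masquerade log=no log-prefix=""',
    'chain=srcnat action=masquerade src-address=192.168.0.10 '
    'out-interface=ether2_wan log=no log-prefix=""',
    'chain=srcnat action=masquerade out-interface=bridge_lan',
    'chain=srcnat action=masquerade out-interface=!ether2_wan',
]

def parse_rule(line):
    """Turn one rule line into a {property: value} dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def srcnat_problem(rule, wan_interfaces):
    """Heuristic: return why a rule can rewrite the client address of
    connections forwarded to internal servers, or None if it looks scoped."""
    if rule.get("chain") != "srcnat":
        return None
    if rule.get("action") not in ("masquerade", "src-nat"):
        return None
    out_if = rule.get("out-interface")
    if out_if is None:
        if "src-address" in rule:
            return None  # limited to chosen sources, e.g. hairpin NAT for the LAN
        return "no out-interface or src-address: matches every forwarded connection"
    negated = out_if.startswith("!")
    name = out_if.lstrip("!")
    if (name in wan_interfaces) == negated:
        return f"out-interface={out_if} covers a non-WAN interface"
    return None

def audit(lines, wan_interfaces):
    """Return (rule_number, reason) for every suspicious srcnat rule."""
    findings = []
    for number, line in enumerate(lines):
        reason = srcnat_problem(parse_rule(line), wan_interfaces)
        if reason:
            findings.append((number, reason))
    return findings

if __name__ == "__main__":
    for number, reason in audit(SAMPLE_RULES, {"ether2_wan"}):
        print(f"rule {number}: {reason}")
```

A srcnat rule that carries `src-address` but no `out-interface` is treated as intentional here, since a hairpin rule for office clients on the same subnet has that shape and necessarily shows the router's address to the server.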