Hi folks,
I checked several threads about same problem but I didn’t succeeded to solve my problem.
I have Mikrotik board-name: RB2011UiAS-2HnD
On that Mikrotik, I have several public IP’s.
Each of the public IPs was NAT on some private IP, usually on some Linux server.
I need to set NAT that I can see visitor’s real IP in logs instead of router IP.
This is IPs:
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.1.1/24 192.168.1.0 bridge
1 147.xx.xxx.74/29 147.xx.xxx.72 ether1-lan
2 147.xx.xxx.76/29 147.xx.xxx.72 ether1-lan
3 147.xx.xxx.77/29 147.xx.xxx.72 ether1-lan
4 147.xx.xxx.78/29 147.xx.xxx.72 ether1-lan
This is my firewalls rules:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=dstnat action=dst-nat to-addresses=192.168.1.211 dst-address=147.xx.xxx.77 dst-address-type=local
in-interface=ether1-lan log=no log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=192.168.1.200 dst-address=147.xx.xxx.78 in-interface=ether1-lan log=no
log-prefix=""
2 chain=dstnat action=dst-nat to-addresses=192.168.1.207 dst-address=147.xx.xxx.76 in-interface=ether1-lan log=no
log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.1.208 dst-address=147.xx.xxx.75 in-interface=ether1-lan log=no
log-prefix=""
4 chain=srcnat action=src-nat to-addresses=147.xx.xxx.78 src-address=192.168.1.200 log=no log-prefix=""
5 chain=srcnat action=src-nat to-addresses=147.xx.xxx.77 src-address=192.168.1.211 out-interface=ether1-lan log=no
log-prefix=""
6 chain=srcnat action=src-nat to-addresses=147.xx.xxx.76 src-address=192.168.1.207 out-interface=ether1-lan log=no
log-prefix=""
7 chain=srcnat action=src-nat to-addresses=147.xx.xxx.75 src-address=192.168.1.208 out-interface=ether1-lan log=no
log-prefix=""
8 ;;; defconf: masquerade
chain=srcnat action=src-nat to-addresses=147.xx.xxx.74 out-interface=ether1-lan log=no log-prefix=""
I need when someone loging over public IP 147.xx.xxx.77, because that IP was NAT to private 192.168.1.211 that I can see in logs real visitor IP address instead router IP 192.168.1.1
Thank you.