I have a small problem with my NAT port forwarding and hope someone can help me…
I have a port forwarded to my internal server. Everything is working fine, but the problem is that in the internal server log every client has the same IP (the local IP of my firewall) and not the real external IP. Is there a way that I can see the real IP in the internal server log (as before with dd-wrt)?
Ok - it looks like you have hairpin NAT enabled. (comment says NAT Loopback)
The logic of this rule was wrong - change dst-address-list=LocalLAN to be src-address-list=LocalLAN
The way you had it configured will always masquerade because the destination of packets going out the lan interface will always be an address from your lan addresses (otherwise, the router would be sending them out some other interface).
So the source was always getting masqueraded.
You only want this to happen when a hairpin NAT is taking place (when a LAN host is trying to reach a LAN server, but by using its public IP instead of its LAN IP).
So by changing the rule to only apply whenever the source address of the packet is in your LAN addresses list, this rule won’t match incoming requests from the Internet, so your logs will show the correct source IP address. Of course, when a LAN user hits the server, it’s still going to show the MikroTik’s IP as the source, but there’s no way around this because you have to do this for hairpin NAT.
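The rule logic from the answer above, as an added Python model (not part of the original thread, and not RouterOS code). It shows which source address the server logs under each version of the masquerade rule. All addresses are constructed documentation-range values and the function names are hypothetical; only packets leaving through the LAN interface are modelled.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addresses for illustration, not taken from the thread.
LOCAL_LAN = ipaddress.ip_network("192.168.88.0/24")  # stands in for the LocalLAN list
ROUTER_LAN_IP = "192.168.88.1"   # what masquerade substitutes on the LAN side
ROUTER_WAN_IP = "203.0.113.10"   # public address the port forward listens on
SERVER_LAN_IP = "192.168.88.50"  # internal server behind the port forward


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def in_lan(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LOCAL_LAN


def dstnat(pkt: Packet) -> Packet:
    """Port forward: requests to the public IP are redirected to the server."""
    if pkt.dst == ROUTER_WAN_IP:
        return replace(pkt, dst=SERVER_LAN_IP)
    return pkt


def srcnat(pkt: Packet, match_field: str) -> Packet:
    """Masquerade rule matching `match_field` ("src" or "dst") against LocalLAN.
    srcnat runs after dstnat, so pkt.dst is already the server's LAN address."""
    if in_lan(getattr(pkt, match_field)):
        return replace(pkt, src=ROUTER_LAN_IP)
    return pkt


def source_seen_by_server(client_ip: str, match_field: str) -> str:
    """Source address the internal server logs for a request to the public IP."""
    pkt = Packet(src=client_ip, dst=ROUTER_WAN_IP)
    return srcnat(dstnat(pkt), match_field).src


if __name__ == "__main__":
    clients = {"Internet client": "198.51.100.7", "LAN client": "192.168.88.20"}
    for rule, field in (("dst-address-list=LocalLAN", "dst"),
                        ("src-address-list=LocalLAN", "src")):
        for name, ip in clients.items():
            seen = source_seen_by_server(ip, field)
            print(f"{rule:26} {name:16} -> server logs {seen}")
```

With the `dst` match every forwarded request is masqueraded, because the destination has already been rewritten to a LAN address by the time the source NAT rule is evaluated; with the `src` match only the hairpin case is.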