I am really needing help in a non-trivial configuration of Mikrotik.
The first person to give me a helpful hint and make me solve the problem, I paid $ 15. (I must resolve this problem in the next 24 hours)
Context:
I need to answer a tracerouter with another IP.
What usually happens:
When you give the command tracerouter from o computer outside to a computer within the network (via the Mikrotik), necessarily, there will be a time that the Mikrotik receive an ICMP packet with TTL=1; src-adress=[outsideIP];dst-adress=[insideIP];
By default, Mikrotik will decrement the TTL to 0 and therefore, will discard the packet and notify the src-adrress that the packet was discarded.
To generate the warning, it will create a package with the following characteristics:
protocol=ICMP;src-adress=[mikrotikIP],dst-adress=[outsideIP] and (icmp-type=11 & icmp-code=0);
This combination of type 11 and code 0 in the ICMP protocol means: βThe TTL was zero and I, Mikrotik, had to discard the packet.β
The problem:
I want the package instead of being generated with src-adress = [mikrotikIP] is sent using the src-adress = [mikrotikIP2]. (Only that !!!)
In theory there is no big deal, since it is only to create a firewall rule-> NAT as follows:
chain=src-nat; action=src-nat; to-address=[mikrotikIP2]; protocol=icmp; src-adress=[mikrotikIP];
Thus, in theory, the package will leave with the other IP of Mikrotik. (mikrotikIP2);
You have to assume that all IPs and routes are configured.
The error is: The package do not pass via SRC-NAT chain!
If I create a rule in the OUTPUT chain of the mangle, the package passes, but there is no action to change the src-nat.
From what I understand, the package does not pass through NAT when it is generated by Mikrotik.
(i Can not give access to Mikrotik for anyone, but I can give any information)
Seeing the flow of packets for packets generated by Mikrotik, the package should passes along the chain src-nat:
See: http://www.mikrotik.com/documentation//manual_2.7/Img/IP_Packet_Flow25.png
