Portforward Client IPs show up as the router?

FinlayDaG33k · April 22, 2020, 9:55am

Hii there,

I’m trying to fix an error on my website, which I can now track to my MikroTik router.
When I try to get the Client IP, it returns as 10.0.0.1 no matter what (LAN devices and WAN devices - eg. those on 4G).
This, of course, isn’t exactly desireable so now I need to fix it… but I have no clue how.

I have made this rule in my NAT to allow access to the website (over port 443):

chain=dstnat action=dst-nat to-addresses=10.0.0.149 to-ports=443 protocol=tcp dst-address=REDACTED dst-port=443 log=no log-prefix=""

Is there anything wrong with this rule?
How can I get the actual IP address of whom is trying to visit?

msatter · April 22, 2020, 10:13am

If you use an other router/modem in front of this router have them route traffic to you and not have them use src-nat of have them use dst-nat.

FinlayDaG33k · April 22, 2020, 10:29am

Thanks for your reply.
There is only a modem in front without routing capability (my MikroTik router is the first in line for handling routing).
Before this I had a PfSense box which worked perfectly (until it died)

FinlayDaG33k · April 22, 2020, 10:49am

I found the issue.
There was this rule that caused the issue:

chain=srcnat action=masquerade src-address=0.0.0.0/0 dst-address=0.0.0.0/0 log=no log-prefix="

Changed it to this, and now it works

chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""

anav · April 22, 2020, 12:43pm

Ahhh so the error was not due to the router, it was due to the person who configured the router. Routers cant go to jail .