Problem NAT Server, Client's Public IP Not Shown in Log

Hi guys!

I have installed Ubuntu server. When NAT is configured on the router, it is then directed to the Ubuntu server. All IP access records in webserver logs, SSH and all other accesses are in the name of the router, not in the name of the client’s public IP.

The main scenario is following (I will put it with below test rig information, in order to be easier to follow, please don’t mind the non-public link IP):

  • WAN: 123.123.123.XXX/29
  • LAN: 192.168.40.XXX/24

/ip firewall nat
chain=srcnat action=masquerade log=no log-prefix="" 
chain=srcnat action=src-nat to-addresses=IP_WAN src-address=IP_LAN out-interface=WAN log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=IP_LAN dst-address=IP_WAN in-interface=WAN log=no log-prefix="" 
chain=srcnat action=src-nat to-addresses=IP_WAN src-address=IP_LAN out-interface=WAN

Thanks

This is the cause:

/ip firewall nat
chain=srcnat action=masquerade log=no log-prefix=""

Everything that crosses the firewall has its source IP changed to the router’s exit interface.

Can you tell me the correct configuration?

Yeah, if you have a fixed/static WANIP, then you need to delete that first rule, it's getting in the way.
The fourth rule below is just a duplicate of the second rule, and should be removed as well.
You should only need two rules.

Question: Is there a reason on the SOURCENAT RULE, why you feel the need to stipulate the src-address???

/ip firewall nat
chain=srcnat action=masquerade log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=IP_WAN src-address=IP_LAN out-interface=WAN log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=IP_LAN dst-address=IP_WAN in-interface=WAN dst-port protocol=???
chain=srcnat action=src-nat to-addresses=IP_WAN src-address=IP_LAN out-interface=WAN

Finally, the third rule, the DST NAT RULE, does not require in-interface=WAN, so remove that bit, but you are MISSING dst-port and dst-protocol ???

Thank you very much. Problem solved.
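
The diagnosis in this thread can be checked with a small rule audit, added here as an example (not code from any poster or from MikroTik). It parses the question's four rules, flags the catch-all masquerade and the duplicate, and uses a simplified first-match model (no ports, protocols or connection tracking) to show which source address the server logs. All IP addresses and the `LAN` interface name are assumed values.

```python
import shlex

# Constructed sample: the four rules from the question. IP_WAN/IP_LAN are
# replaced by assumed addresses (203.0.113.10 = WAN, 192.168.40.10 = server).
RULES = '''
chain=srcnat action=masquerade log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=203.0.113.10 src-address=192.168.40.10 out-interface=WAN log=no log-prefix=""
chain=dstnat action=dst-nat to-addresses=192.168.40.10 dst-address=203.0.113.10 in-interface=WAN log=no log-prefix=""
chain=srcnat action=src-nat to-addresses=203.0.113.10 src-address=192.168.40.10 out-interface=WAN
'''
MATCHERS = ("src-address", "dst-address", "in-interface", "out-interface")

def parse(text):
    """One dict per non-empty line of key=value tokens."""
    return [dict(tok.partition("=")[::2] for tok in shlex.split(line))
            for line in text.splitlines() if line.strip()]

def audit(rules):
    """Return (rule number, finding) for catch-all masquerades and duplicates."""
    findings, seen = [], {}
    for n, r in enumerate(rules, 1):
        # Logging options do not affect matching, so ignore them when comparing.
        key = frozenset((k, v) for k, v in r.items() if not k.startswith("log"))
        if key in seen:
            findings.append((n, f"duplicate of rule {seen[key]}"))
        seen.setdefault(key, n)
        if (r.get("chain"), r.get("action")) == ("srcnat", "masquerade") \
                and not any(m in r for m in MATCHERS):
            findings.append((n, "masquerade with no matcher hits every connection"))
    return findings

def logged_source(rules, pkt, router_ip):
    """Source address the server logs: the first matching srcnat rule wins."""
    for r in rules:
        if r.get("chain") == "srcnat" and all(r[m] == pkt[m] for m in MATCHERS if m in r):
            return router_ip if r["action"] == "masquerade" else r["to-addresses"]
    return pkt["src-address"]  # no srcnat rule matched: client address preserved

# Constructed packet: an internet client, already dst-NATed to the server,
# leaving the router through its LAN interface (address 192.168.40.1 assumed).
PKT = {"src-address": "198.51.100.7", "dst-address": "192.168.40.10",
       "in-interface": "WAN", "out-interface": "LAN"}

if __name__ == "__main__":
    original = parse(RULES)
    fixed = original[1:3]  # rules 1 and 4 deleted, as the reply advises
    print(audit(original))
    print("original:", logged_source(original, PKT, "192.168.40.1"))
    print("fixed:   ", logged_source(fixed, PKT, "192.168.40.1"))
```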