Traceroute source IP & NAT

Hi guys,

My company has just replaced a stack of Ubiquiti EdgeRouters with MikroTik gear - hopefully BGP won’t crash every 24 hours now! Since we’re new to RouterOS, I apologise if this is a stupidly basic question.

In any case, we’re having problems with traceroute source IPs. We use GRE tunnels for DDoS protection, so we need to hide our endpoint in traceroutes. We’re aware we can do this by blocking ICMP, although it’s not ideal since it hinders debugging.

With the UBNT gear, the internal GRE tunnel endpoint IP would display in traceroutes, which was great.
From reading the forums, it appears that RouterOS sends outgoing traceroute packets via the default route, rather than the interface it receives them on. A few posters suggested using NAT to correct this.

I’ve tried, but it doesn’t seem to be working. This is the rule I set up:

Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=src-nat to-addresses=72.x.xx.26 protocol=icmp src-address=221.xxx.xxx.51 log=no log-prefix=""

72.x.xx.26 is the IP I would like to appear in traces, and 221.xxx.xxx.51 is the IP that is appearing at the moment.

Can anyone point me in the right direction?

Cheers.