Same here.
[admin@efcel-vld] > /system routerboard print
routerboard: yes
model: 750UP
serial-number: 4691026B…
current-firmware: 3.17
upgrade-firmware: 3.17
RouterOS 6.30
[admin@efcel-vld] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R ether1-gateway ether 1500 1600 4076 D4:CA:6D:02:1E:B1
1 R ether2-master-local ether 1500 1598 2028 D4:CA:6D:02:1E:B2
2 S ether3-slave-local ether 1500 1598 2028 D4:CA:6D:02:1E:B3
3 S ether4-slave-local ether 1500 1598 2028 D4:CA:6D:02:1E:B4
4 S ether5-slave-local ether 1500 1598 2028 D4:CA:6D:02:1E:B5
7 R pppoe-out1 pppoe-out 1480
[admin@efcel-vld] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.0.1/24 192.168.0.0 ether2-master-local
1 D xx.yy.129.61/32 xx.yy.131.254 pppoe-out1
My external interface is pppoe.
Masquerading is used on pppoe-out1 interface.
xx.yy.129.61 - is my public ip
[admin@efcel-vld] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=pppoe-out1 log=no
log-prefix=“”
Netflow settings
[admin@efcel-vld] /ip traffic-flow> export
aug/07/2015 21:22:01 by RouterOS 6.30
software id = HIH9-5EMB
/ip traffic-flow
set enabled=yes interfaces=ether2-master-local
/ip traffic-flow target
add address=192.168.0.2:555 version=5
Do test.
On a linux pc on lan (server2.lan 192.168.0.2) download file (5 mbytes) from Internet site
igor@server2:~/tmp$ wget http://mirror.yandex.ru/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.1.0-amd64-gnome-desktop.iso.zsync
–2015-08-07 21:52:07-- http://mirror.yandex.ru/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.1.0-amd64-gnome-desktop.iso.zsync
Resolving mirror.yandex.ru… 213.180.204.183, 2a02:6b8::183
Connecting to mirror.yandex.ru|213.180.204.183|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 5386623 (5.1M) [application/octet-stream]
Saving to: “debian-live-8.1.0-amd64-gnome-desktop.iso.zsync”
100%[====================================================================>] 5,386,623 1.54M/s in 3.3s
2015-08-07 21:52:11 (1.54 MB/s) - “debian-live-8.1.0-amd64-gnome-desktop.iso.zsync” saved [5386623/5386623]
Netflow data from mikrotik is received by flow-capture program running on linux pc 192.168.0.2.
root@server2:/# ps -ef|grep flow
root 2330 1 0 Aug06 ? 00:00:05 /usr/bin/flow-capture -w /vol2/netflow -n 287 -S5 192.168.0.2/192.168.0.1/555
In 5 minutes print data received from mikrotik
root@server2:/vol2/netflow/2015/2015-08/2015-08-07# ls -l ft-v05.2015-08-07.215001+0300
-rw-r–r-- 1 root root 1756 Aug 7 21:55 ft-v05.2015-08-07.215001+0300
root@server2:/vol2/netflow/2015/2015-08/2015-08-07# flow-cat ft-v05.2015-08-07.215001+0300 | flow-print | egrep “213.180.204.183|srcIP”
srcIP dstIP prot srcPort dstPort octets packets
213.180.204.183 xx.yy.129.61 6 80 33550 5587514 3858
It show that 5 mb file was downloaded by xx.yy.129.61 . But it is wrong.
xx.yy.129.61 - is public ip on external pppoe interface of mikrotik router.
Instead xx.yy.129.61 here must be 192.168.0.2 , the linux pc (server2) than really downloaded file from internet.
I have another mikrotik router, the same model, and it is working ok (netflow accounting).
Differens only in ROS version (6.4), and that external interface is not pppoe, but simple static ip (public).
I did reboot mikrotik, but it is not help.