Hello everybody, my question is broadly know, but still doesn’t solved:
I have:
- RouterOS v.6.32.3 on CCR1016-12G
- enabled Traffic Flow
/ip traffic-flow print
enabled: yes
interfaces: all
cache-entries: 256k
active-flow-timeout: 5m
inactive-flow-timeout: 15s
- ntopng as flow collector
- External interface with NAT
As a result: ntopng show uploaded traffic correctly for clients with private IP, but all downloaded traffic display on mikrotiks external IP.
I suggest that because there is NAT on this external port,
How avoid this wrong config and force mikrotik send correct netflow data about clients downloaded traffic?
thx
There is information that it’s may be a bug of RouterOS (but not my version).
Or exist any ways for avoid NATing (e.g. mangle chainz or whatever…)
May be port mirroring?
Who used traffic flow with collector, please, share experience 
I think you need to update to 6.35.2 to solve this problem.
Thank you for reply.
Problem is that on any other older version traffic flow doesnt work with NAT, how many times i tried
I don’t know the exact details but at some release of RouterOS the output of netflow for NAT connections has
been changed to adhere to some newer standard, so you need uptodate versions of both your RouterOS
and your analysis tool. Then it should work.
Well guys i upgraded RouterOS to 6.35.2 and miracle.
All traffic become correct.
Ntop show send and recieve traffic without nated IP
I swear, all other latest version ROS nating netflow data.
thx
Sorry to dig up an old post, what version of ntopng and nprobe did you use for this?
I would like a similar setup, but am not certain of their licensing etc. What exactly do I need to accomplish this?
Thanks.