Hi,
I am trying to capture traffic from/to a public IP 1.1.1.1 connecting to my Mikrotik FW/Router/NAT to some specific port, let’s say 22/TCP, on public IP address 2.2.2.2. Port 22 is forwarded to a local lan IP 192.168.1.5 with the same port.
So IP address 1.1.1.1 trying to connect to 2.2.2.2:22/TCP, Mikrotik forwards is to 192.168.1.5:22/TCP.
Everything works and all is probably sets good. I am wondering where I can capture packet ?
I can see packets in RAW Prerouting (1.1.1.1 → 2.2.2.2:22), then Mangle Prerouting (1.1.1.1 → 2.2.2.2:22), then DSTNAT (1.1.1.1 → 2.2.2.2:22), then Mangle Forward (1.1.1.1 → 192.168.1.5:22), then Filter Forward (1.1.1.1 → 192.168.1.5:22), then way back in Mangle Forward (192.168.1.5:22 → 1.1.1.1), Filter Forward (192.168.1.5:22 → 1.1.1.1) and Mangle Postrouting (192.168.1.5:22 → 1.1.1.1).
I can’t find any packets from 2.2.2.2 to 1.1.1.1 or I am unable to find the right place to capture it.
I can find packets from 2.2.2.2 to 1.1.1.1 in RAW Output for example when I am pinging from 1.1.1.1 to 2.2.2.2, but that’s all.
I thought I will be able to capture packets going back to 1.1.1.1 on SRCNAT, but I can’t see them.
Is the Mangle Postrouting the last place where I can see outgoing packets ?
Why I cannot see any packets from 2.2.2.2:22 to 1.1.1.1 ?
Thanks a lot