Page 1 of 1

Server internet traffic

Posted: Tue Apr 30, 2019 11:25 am
by bmezini
Hi, so we have a web server behind a mikrotik router which forwards ports 80,443 etc.. to the server. The problem is that all traffic logs from my server show that all the traffic is comming from (a.k.a. the router) and not the actual hosts. This is very important because it means i can't blacklist anyone who is brute-forcing my server because the only IP the logs show is the router IP. Does this happen because of port-forwarding? Is there anyway for the router to pass the remote-host info to the server?
Thanks in advance.

Re: Server internet traffic

Posted: Tue Apr 30, 2019 11:56 am
by mkx
Your NAT rules are flawed. Post output of /ip firewall export hide-sensitive (redact public addresses but if tgere are more than one, do it in the way it is obvious which is which).