boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

How to log nat translation ?

Mon Dec 11, 2006 10:00 am

If I have a Mikrotik box with source nat such as:

ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
10.10.10.3/24 10.10.10.0 10.10.10.255 ether1
1 192.168.145.101/24 192.168.145.0 192.168.145.255 ether2

ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether2 src-address=40.40.40.0/24
action=masquerade


My clients are 40.40.40.x/24 behind ether1, and they go out ether2 with 192.168.145.101 ip address.
I need to log all mappings 40.40.40.x:portA --> 192.168.145.101:portB because I want to trace it.
I tried with:

ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether2 src-address=40.40.40.0/24
action=log

but I can only see 40.40.40.x:portA --> public destination IP addr:portB,
so I don't have the mapping 40.40.40.x:portA --> 192.168.145.101:portB logged.

Thanks
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

How to log nat translation ?

Mon Dec 11, 2006 1:50 pm

Is there no way to do this?

Thanks
 
normis
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 11, 2006 2:05 pm

the job of masquerading is to hide the machine behind a public address. the whole idea for this is to make it impossible to do what you want :)
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

How to log nat translation

Mon Dec 11, 2006 2:19 pm

Masquerading's job should be to hide the private IP behind the public IP EXTERNALLY ... I expect the MT (natting) router should show me a "nat table" with the information I need, as almost all routers do ... shouldn't it?

Thanks
Boris
 
normis
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 11, 2006 2:21 pm

what exactly do you expect to see in this table? please clarify
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

How to log nat translation ?

Mon Dec 11, 2006 2:32 pm

nat table should be:

Note: "public IP address" is the same for all (masquerading)

private IP address_1:port_A --> public IP address:port_B
private IP address_2:port_C --> public IP address:port_D
private IP address_3:port_E --> public IP address:port_F
private IP address_4:port_G --> public IP address:port_H


For example, if some client of mine goes to a web site with public IP address 30.30.30.30:80, the client's (natted) public IP and port will be "public IP address:some_port", but I need to know what the real private IP address and port doing the web access are ... only the nat table can give this information.

Thanks
 
normis
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 11, 2006 2:51 pm

what do you understand by `port` in this case? ethernet port? you have many? how do you determine which clients use which ethernet port? I am really sure that you are looking in the wrong place to solve a simple problem
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Mon Dec 11, 2006 3:19 pm

boris should start with MT ROS basic configuration and networking basics, everything is nice and tidy in the MT manual. hope he can find it. no offense. :idea:

so we can talk here using same terms and terminology
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

How to log nat translation ?

Mon Dec 11, 2006 3:40 pm

Guys,

I'm talking about TCP/UDP ports ... what's more basic in the networking world than this?
 
normis
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 11, 2006 3:45 pm

well Doh, this is already there. it's called torch. open winbox and run torch on the local interface. you will see where each local ip connects.
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

Mon Dec 18, 2006 12:26 pm

I mean I need a "masquerading-table" such as in this link http://hasenstein.com/linux-ip-nat/dipl ... 0000000000
Also, in this post
http://forum.mikrotik.com/viewtopic.php ... =sourcenat

cmit was talking about:

"The router is keeping a table of src-natted connections so it can do the reverse mapping (of incoming response packets) without further config. That's the way all standard masquerading devices work."

I mean that table of src-natted connections.
Does a way exist in MT to log/view/report/print such a table?

Thanks.
Boris
 
normis
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Dec 18, 2006 12:29 pm

use torch, it does the same thing. if it lacks some feature, please write which one. you are able to see the src-address, the dst-address and the ports. what else is missing?
 
janisk
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Mon Dec 18, 2006 12:32 pm

the table exists, but not in an accessible way, at least not the way you want to access it - try torch like normis said.
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

Mon Dec 18, 2006 1:05 pm

Thanks Guys,

torch (and the packet sniffer) show me what I want.
Does a way exist to log such information?
I mean that in my country, as an ISP, we are forced by law to trace and log every single user session (but absolutely not the session content), so I need to trace/log for every user session:

source (private) user IP address and (private) TCP/UDP port,
source-natted (public) user IP address and (public) TCP/UDP port,
destination (public) IP address and (public) TCP/UDP port.

Thanks again all you guys
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

Mon Dec 18, 2006 6:47 pm

Please, can you help me?

thanks
 
changeip
Forum Guru
Posts: 3829
Joined: Fri May 28, 2004 5:22 pm

Mon Dec 18, 2006 7:52 pm

can you use the netflow data for this? traffic-flow

Sam
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

Wed Dec 20, 2006 5:00 pm

Is there a way to send the output of

ip -> firewall -> connection -> print -> detail

to a syslog server?

thanks.
 
tgrand
Long time Member
Posts: 667
Joined: Mon Aug 21, 2006 2:57 am
Location: Winnipeg, Manitoba, Canada

Wed Dec 20, 2006 6:00 pm

Go to hotspot/Hosts, there is a masquerade table there.
 
boris67
just joined
Topic Author
Posts: 23
Joined: Wed Nov 15, 2006 10:35 am

Wed Dec 20, 2006 11:07 pm

Thanks tgrand, but I don't need (and I don't want) hotspot on that device ... it's an MKTK firewall behind an Internet router ... I only need to collect info about the PAT table into a syslog server to trace and store user sessions as in my previous post
 
marxin
just joined
Posts: 19
Joined: Tue Oct 24, 2006 10:39 pm
Location: Czech Republic

Re: How to log nat translation ?

Thu Oct 10, 2013 1:43 am

Long time, no answer: is there any new feature in RouterOS that can help people log all connections (with reply src-reply-address and dst-reply-address)?
 
samsung172
Forum Guru
Posts: 1191
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway

Re: How to log nat translation ?

Thu Oct 10, 2013 3:24 am

it's possible to log, but you need a huge datastore to store it.

Ask your government to pay for a datastore, if they force you to log all activity.
 
marxin
just joined
Posts: 19
Joined: Tue Oct 24, 2006 10:39 pm
Location: Czech Republic

Re: How to log nat translation ?

Thu Mar 27, 2014 10:56 pm

Can I ask you how to enable such logging? I haven't found any solution for how to log the NAT table.
 
pongko
just joined
Posts: 7
Joined: Wed Apr 30, 2014 2:56 am

Re: How to log nat translation ?

Wed Apr 30, 2014 3:28 pm

you can inspect the connection tracking table, there is a lot of information there about nat and mangle
 
kehrlein
newbie
Posts: 48
Joined: Tue Jul 09, 2019 1:35 am

Re: How to log nat translation ?

Fri Jul 30, 2021 6:24 pm

Just found this old thread. If someone is still looking for a solution, check viewtopic.php?t=41261#p205403

You could also log all of the NAT traffic, but be aware of the amount of data:
/ip firewall mangle
add action=log chain=prerouting connection-nat-state=srcnat log=yes log-prefix=NATLOG
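As an added example (not from this thread, MikroTik, or any of the posters), assuming the NATLOG mangle rule above is shipped to a syslog collector and that its lines follow the usual RouterOS firewall log layout (the sample lines below are constructed): a small Python parser that collapses the per-packet log into one record per translated flow with the three items boris67 listed earlier, private source, natted public source and destination.

```python
import re
from dataclasses import dataclass

# Constructed sample syslog lines, assumed to follow the RouterOS firewall log
# layout of "prefix chain: ..., proto, src->dst, NAT (src->translated)->dst".
SAMPLE_LOG = """\
dec/18 13:05:01 firewall,info NATLOG prerouting: in:ether1 out:(unknown 0), src-mac 00:0c:29:aa:bb:cc, proto TCP (ACK), 40.40.40.5:51234->30.30.30.30:80, NAT (40.40.40.5:51234->192.168.145.101:51234)->30.30.30.30:80, len 52
dec/18 13:05:01 firewall,info NATLOG prerouting: in:ether1 out:(unknown 0), src-mac 00:0c:29:aa:bb:cc, proto TCP (ACK,PSH), 40.40.40.5:51234->30.30.30.30:80, NAT (40.40.40.5:51234->192.168.145.101:51234)->30.30.30.30:80, len 512
dec/18 13:05:03 firewall,info NATLOG prerouting: in:ether1 out:(unknown 0), src-mac 00:0c:29:dd:ee:ff, proto UDP, 40.40.40.7:40000->8.8.8.8:53, NAT (40.40.40.7:40000->192.168.145.101:2048)->8.8.8.8:53, len 68
dec/18 13:05:04 system,info user admin logged in from 10.10.10.2 via winbox
"""

# The NAT group must repeat the original src and dst, which is how a translated
# packet is printed; lines without that part (or from other facilities) are skipped.
NAT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ (?P<prefix>\S+) (?P<chain>\w+): .*?"
    r"proto (?P<proto>[A-Z]+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+:\d+)->(?P<dst>[\d.]+:\d+), "
    r"NAT \((?P=src)->(?P<nat>[\d.]+:\d+)\)->(?P=dst)"
)


@dataclass
class NatSession:
    first_seen: str
    proto: str
    private_src: str  # client IP:port before srcnat
    public_src: str   # IP:port the destination actually sees
    dst: str          # destination IP:port
    packets: int = 1


def parse_nat_log(text):
    """Collapse per-packet NATLOG lines into one record per translated flow."""
    sessions = {}
    for line in text.splitlines():
        m = NAT_RE.match(line)
        if not m:
            continue  # not a NAT-translated firewall log line
        key = (m["proto"], m["src"], m["nat"], m["dst"])
        if key in sessions:
            sessions[key].packets += 1
        else:
            sessions[key] = NatSession(m["ts"], m["proto"], m["src"], m["nat"], m["dst"])
    return list(sessions.values())


def to_csv(sessions):
    """One row per flow: first_seen,proto,private,public,destination,packets."""
    return [f"{s.first_seen},{s.proto},{s.private_src},{s.public_src},{s.dst},{s.packets}"
            for s in sessions]
```

Because the mangle rule fires for every packet of a flow, keying on the (proto, private src, public src, dst) tuple is what keeps the stored volume to one row per session, emitted in first-seen order.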
