If I have a Mikrotik box with source nat such as:
ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 ;;; added by setup
10.10.10.3/24 10.10.10.0 10.10.10.255 ether1
1 192.168.145.101/24 192.168.145.0 192.168.145.255 ether2
ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether2 src-address=40.40.40.0/24
action=masquerade
My clients are 40.40.40.x/24 behind ether1, and they go out ether2 with 192.168.145.101 ip address.
I need to log all mappings 40.40.40.x:portA --> 192.168.145.101:portB because I want to trace it.
I tryied with:
ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=ether2 src-address=40.40.40.0/24
action=log
but I can see only 40.40.40.x:portA --> public destination ip addr:portB,
so I haven't mapping 40.40.40.x:portA --> 192.168.145.101:portB logged.
Thanks