greencomputing
Frequent Visitor
Topic Author
Posts: 95
Joined: Wed Jun 23, 2010 1:12 pm
Location: Italy

how to get srcnat modified src ip/port after postrouting

Mon Aug 13, 2012 1:24 pm

Hi folks

Do you think it is possible to create a new chain, maybe using a sort of trick (through virtual interfaces, bridges, etc.), to have extra processing just after the srcnat rules (immediately after postrouting)? My goal is to discover the IP used as src ip/port as applied by the src-nat rules.

To clarify, before the src-nat action, I have a client request to dst tcp port 80 and dst ip a.b.c.d using private src ip x.y.z.w and src port K. How may I discover the new src ip, as output of the src-nat action, immediately before the packet leaves the router using src ip x1.y1.z1.w1 and src port K1?

In the past I already had several suggestions to use other ways like packet flow and accounting, but these are not feasible and didn't fit my requirements. The solution, if it exists, needs to use firewall chains.

Thanks a lot for your interest in the question.


have a nice day
 
peson
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: how to get srcnat modified src ip/port after postrouti

Mon Aug 13, 2012 2:51 pm

Is src a.b.c.d and dst x.y.z.w already known?
Is it a kind of traffic logging that you want?
 
greencomputing
Frequent Visitor
Topic Author
Posts: 95
Joined: Wed Jun 23, 2010 1:12 pm
Location: Italy

Re: how to get srcnat modified src ip/port after postrouti

Mon Aug 13, 2012 3:46 pm

If it helps to describe the solution, yes, assume that we already know the src private ip/port and dst ip/port and we want to know the modified public src ip/port as built by the src-nat rule. The requirement is that this natted src ip/port must be recorded/logged automatically by a firewall/filter/nat rule.
 
peson
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: how to get srcnat modified src ip/port after postrouti

Mon Aug 13, 2012 10:26 pm

-Create a bridge which includes the internet-connected interface.
-Change the interface of the external IP to the bridge.
-Create a mangle rule in the firewall forward chain with action mark-connection and passthrough.
-Create a second mangle rule in the firewall forward chain which uses the connection mark to mark the packets.
-Finally, create a log rule in the bridge output chain that uses the packet mark.

Prepare to have a massive log, but that's another problem ;-)

Edit:
/ip firewall mangle
add action=mark-connection chain=forward dst-address=8.8.8.8 new-connection-mark=GDNS-conn
add action=log chain=forward connection-mark=GDNS-conn connection-state=new log-prefix=FW-GDNS
add action=mark-packet chain=forward connection-mark=GDNS-conn connection-state=new new-packet-mark=GDNS-pack passthrough=no
/interface bridge filter
add action=log chain=output log-prefix=BR-GDNS packet-mark=GDNS-pack
This will result in logged packets only for new connection establishment.
Results in log:
23:18:39 firewall,info FW-GDNS forward: in:pppoe-rt-bfs-3 out:br-int, proto UDP, 172.32.1.2:1142->8.8.8.8:53, len 68
23:18:39 firewall,info BR-GDNS output: in:(none) out:ether5, src-mac 00:0c:42:b4:8a:61, dst-mac 00:33:43:79:c3:d0, eth-proto 0800, UDP, 96.110.62.55:1142->8.8.8.8:53, len 68
23:18:39 firewall,info FW-GDNS forward: in:pppoe-rt-bfs-3 out:br-int, proto UDP, 172.32.1.2:1143->8.8.8.8:53, len 64
23:18:39 firewall,info BR-GDNS output: in:(none) out:ether5, src-mac 00:0c:42:b4:8a:61, dst-mac 00:33:43:79:c3:d0, eth-proto 0800, UDP, 96.110.62.55:1143->8.8.8.8:53, len 64
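Added example, not part of the thread: a small Python correlator that pairs each FW-GDNS forward-chain line (logged before src-nat) with the BR-GDNS bridge-output line for the same first packet (logged after src-nat), which turns peson's two log lines per connection into the private-to-public src ip/port record greencomputing asked for. It assumes the log lines have exactly the shape shown in the post; the sample input below is copied from it.

```python
import re
from collections import defaultdict

# Constructed sample input: the log lines from peson's post, one pre-NAT
# (FW-GDNS, forward chain) and one post-NAT (BR-GDNS, bridge output chain)
# line per new connection.
SAMPLE_LOG = """\
23:18:39 firewall,info FW-GDNS forward: in:pppoe-rt-bfs-3 out:br-int, proto UDP, 172.32.1.2:1142->8.8.8.8:53, len 68
23:18:39 firewall,info BR-GDNS output: in:(none) out:ether5, src-mac 00:0c:42:b4:8a:61, dst-mac 00:33:43:79:c3:d0, eth-proto 0800, UDP, 96.110.62.55:1142->8.8.8.8:53, len 68
23:18:39 firewall,info FW-GDNS forward: in:pppoe-rt-bfs-3 out:br-int, proto UDP, 172.32.1.2:1143->8.8.8.8:53, len 64
23:18:39 firewall,info BR-GDNS output: in:(none) out:ether5, src-mac 00:0c:42:b4:8a:61, dst-mac 00:33:43:79:c3:d0, eth-proto 0800, UDP, 96.110.62.55:1143->8.8.8.8:53, len 64
"""

# One pattern covers both line shapes; the log prefix tells which side of
# src-nat the packet was seen on. The non-greedy .*? skips the MAC fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) firewall,info (?P<prefix>\S+) (?P<chain>\w+): .*?"
    r"(?P<proto>TCP|UDP), (?P<src>[\d.]+):(?P<sport>\d+)->"
    r"(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)$"
)


def parse_line(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def correlate(log_text, pre_prefix="FW-GDNS", post_prefix="BR-GDNS"):
    """Pair each pre-NAT record with the post-NAT record of the same packet."""
    pending = defaultdict(list)  # key -> pre-NAT records, in log order
    table = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Only fields src-nat leaves untouched are used for matching, so the
        # pairing still works when masquerade rewrites the source port.
        key = (rec["ts"], rec["proto"], rec["dst"], rec["dport"], rec["len"])
        if rec["prefix"] == pre_prefix:
            pending[key].append(rec)
        elif rec["prefix"] == post_prefix and pending[key]:
            pre = pending[key].pop(0)  # FIFO: log order follows packet order
            table.append({
                "time": rec["ts"], "proto": rec["proto"],
                "private": f'{pre["src"]}:{pre["sport"]}',
                "public": f'{rec["src"]}:{rec["sport"]}',
                "dst": f'{rec["dst"]}:{rec["dport"]}',
            })
    return table


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row)
```

Because the two lines are matched on the unchanged fields plus log order, two new connections to the same destination in the same second with the same packet length could be paired wrongly if the router reorders its log output.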
 
greencomputing
Frequent Visitor
Topic Author
Posts: 95
Joined: Wed Jun 23, 2010 1:12 pm
Location: Italy

Re: how to get srcnat modified src ip/port after postrouti

Tue Aug 14, 2012 2:30 am

Hi peson

it's working :)

thank you so much for the effort you applied to solve my problem.

really appreciated.

have a nice day!
 
peson
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: how to get srcnat modified src ip/port after postrouti

Wed Aug 15, 2012 9:16 am

Thanks for your appreciation.
