alferrar
just joined
Topic Author
Posts: 13
Joined: Thu Mar 27, 2014 2:50 pm

Problem: NAT masquerade is bypassing some packets

Thu Mar 27, 2014 4:38 pm

Hello all,

We have a hotspot and recently customers are complaining about connection problems.
The board used is an RB433AH, RouterOS v4.14. The system structure is as follows:

Internet ----- WAN-Router 192.168.1.1/24 ---- 192.168.1.200/24 Mikrotik 10.10.1.254/23 ---- About 30 Clients (10.10.0.0/23 network)

Examining the system in order to debug the problem, I found that some private network packets (10.10.X.X) are bypassing the NAT masquerade rule without changing Src. Address, causing connectivity problems. In fact, when sniffing packets on the 192.168.1.1/24 network, some 10.10.X.X src. addresses are found:

58 1.079 ether1 188.125.69.43:993 (imaps) 192.168.1.200:56352 tcp 572
66 1.139 ether1 192.168.1.200:56352 188.125.69.43:993 (imaps) tcp 66
67 1.141 ether1 192.168.1.200:56352 188.125.69.43:993 (imaps) tcp 66
68 1.143 ether1 192.168.1.200:56352 188.125.69.43:993 (imaps) tcp 54
69 1.153 ether1 192.168.1.200:56352 188.125.69.43:993 (imaps) tcp 368
70 1.173 ether1 192.168.1.200:56351 65.52.193.252:80 (http) tcp 54
71 1.207 ether1 62.37.163.71:10962 192.168.1.200:8291 (winbox) tcp 128
72 1.209 ether1 108.162.232.202:80 (http) 192.168.1.200:56354 tcp 66
>>> 76 1.23 ether1 10.10.1.38:56294 84.39.153.33:80 (http) tcp 54
77 1.231 ether1 192.168.1.200:56355 84.39.153.33:80 (http) tcp 66
78 1.233 ether1 192.168.1.200:58348 80.58.61.250:53 (dns) udp 81
79 1.272 ether1 188.125.69.43:993 (imaps) 192.168.1.200:56352 tcp 101
80 1.285 ether1 80.58.61.250:53 (dns) 192.168.1.200:58348 udp 113
89 1.323 ether1 192.168.1.200:56355 84.39.153.33:80 (http) tcp 1052
90 1.326 ether1 131.253.40.10:443 (https) 192.168.1.200:56255 tcp 192
114 1.703 ether1 188.125.69.43:993 (imaps) 192.168.1.200:56352 tcp 60 >
>>> 115 1.71 ether1 10.10.1.38:56294 84.39.153.33:80 (http) tcp 54 >
116 1.779 ether1 192.168.1.200:56348 212.58.244.71:80 (http) tcp 133>


I deleted some packets to clarify. 10.10.X.X is not always the same IP. Packet bypassing occurs about 1 per second. Packet content is:

e046 9a28 8943 000c 42c9 5747 0800 4500 .F.(.C..B.WG..E.
0028 2a5d 4000 7f06 5b3d 0a0a 011d d5c7 .(*]@...[=......
9547 c412 01bb 7a9e ff43 6548 3222 5014 .G....z..CeH2"P.
0000 6280 0000 ..b...

NAT configuration is:

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=no out-interface=ether1 src-address=\
10.10.0.0/23
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=192.168.1.200 dst-port=8100 protocol=tcp to-addresses=\
10.10.0.100 to-ports=80

Some ideas?
Thank you
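
Added example, not part of the original post: a small Python decoder for the 54-byte packet content posted above. It reads the Ethernet, IPv4 and TCP headers so the source address, ports and TCP flags of the untranslated packet can be checked against the masquerade rule's `src-address`. The function and variable names are this example's own.

```python
import ipaddress
import struct

# Packet content exactly as posted above (hex columns only, ASCII column dropped).
POSTED_HEX = """
e046 9a28 8943 000c 42c9 5747 0800 4500
0028 2a5d 4000 7f06 5b3d 0a0a 011d d5c7
9547 c412 01bb 7a9e ff43 6548 3222 5014
0000 6280 0000
"""

HOTSPOT_NET = ipaddress.ip_network("10.10.0.0/23")  # src-address of the masquerade rule
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def decode_frame(hex_text):
    """Decode an Ethernet II / IPv4 / TCP frame given as whitespace-separated hex."""
    raw = bytes.fromhex("".join(hex_text.split()))
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length in bytes
    total_len = int.from_bytes(ip[2:4], "big")
    ttl, proto = ip[8], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    src = ipaddress.ip_address(ip[12:16])
    dst = ipaddress.ip_address(ip[16:20])
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    tcp_hdr_len = (off_flags >> 12) * 4  # data offset is in 32-bit words
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {
        "src_mac": src_mac.hex(":"),
        "src": str(src), "sport": sport,
        "dst": str(dst), "dport": dport,
        "ttl": ttl,
        "flags": flags,
        "payload_len": total_len - ihl - tcp_hdr_len,
        "untranslated": src in HOTSPOT_NET,  # True: left ether1 with a hotspot source
    }


if __name__ == "__main__":
    for key, value in decode_frame(POSTED_HEX).items():
        print(f"{key:>12}: {value}")
```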
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Problem: NAT masquerade is bypassing some packets

Sat Mar 29, 2014 1:48 am

This entire duplicated thread will be deleted; please do not reply here, but use this one:
http://forum.mikrotik.com/viewtopic.php ... 49#p417841
