Community discussions

MikroTik App
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

see IP of device behind NAT

Thu Jan 06, 2022 11:09 am

Hello,
I have 5 Mikrotik router with the same setting which all of them connected to a Mikrotik LT2P server
so all devices are the same except the L2TP address they get
172.16.6.1-172.16.6.5 / 16
the ethernet is 10.129.250.250/24
in the firewwall I have this rule
/ip firewall nat
add action=masquerade chain=srcnat
the L2TP server can reach network 10.129.10.0/24
I can reach from the remote device to a server on 10.129.10.5 and able to send it data (the data is simple syslog data from the router , not from a connected device ). so all the netwrok rules\routing are working .

my question is
why I'm seeing in server 10.129.10.5 that the data is comming from 10.129.250.250 , what\where I need to change in order to see the L2TP address of the device ?
in the L2TP server? in the remove router?

Thanks,
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: see IP of device behind NAT

Thu Jan 06, 2022 1:17 pm

You have unconditional masquerade rule, so it affects all connections, no exception. Usually you want masquerade only for access to internet, using e.g. out-interface=<WAN>.
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: see IP of device behind NAT

Thu Jan 06, 2022 2:52 pm

so what to do
can you show \ explain ?

Thanks ,
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: see IP of device behind NAT

Thu Jan 06, 2022 3:12 pm

Didn't I already? Masquerade changes source address to whatever address router has on outgoing interface. It's what allows you to have private (non-public) addresses in LAN and be able to connect to internet from them. This is one case where you definitely want it. But you shouldn't need it for anything else. So the rule you posted, add out-interface=<whatever your WAN interface is> to it, and it's most likely what you need.
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: see IP of device behind NAT

Mon Jan 10, 2022 11:08 am

I understand
I needed to change the rule in thte L2TP server and not in the remote side

Thanks ,
 
David1234
Forum Guru
Forum Guru
Topic Author
Posts: 1424
Joined: Sun Sep 18, 2011 7:00 pm

Re: see IP of device behind NAT

Tue Jan 11, 2022 9:50 am

yes - thank you
this is what I did , and now it's working

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], BioMax, cdblue, sybadi and 46 guests