Kataius
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Hairpin NAT, wrong login, show IP of router

Thu Sep 19, 2024 11:28 am

Hello everyone,
I have a NAS in vlan200, to which some vlan100 PCs and all vlan200 PCs have access. I have hairpin NAT. I find failed login attempts from the router IP (192.168.240.1) of vlan200. I did some tests: if I make a wrong login remotely, it gives me the IP of the remote device that tried to access. If I make a wrong login from vlan100 or vlan200, it gives me the IP that made the wrong login as the router IP of vlan200. How can I identify which vlan100 or vlan200 PC is the one that makes the wrong logins? Thanks
 
bpwl
Forum Guru
Posts: 3134
Joined: Mon Apr 08, 2019 1:16 am

Re: Hairpin NAT, wrong login, show IP of router

Thu Sep 19, 2024 3:40 pm

Not sure how you made the "Hairpin NAT". Is it a masquerade to just one IP address? Then it is that address that will be seen as the source of the request to the NAS.
E.g. Hairpin like this: viewtopic.php?p=1096658&hilit=hairpin#p1096658

You want/need a SRC-NAT where every device gets a different NATted IP address.

Maybe SRC-NAT of a subnet to a subnet will do this. "Netmap" as in viewtopic.php?p=1056825#p985156
The 1:1 mapping in: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

But maybe you need a FullConeNAT like setup used in the Hairpin.
Full-cone NAT like this: viewtopic.php?p=1056825#p984470
 
Kataius
Frequent Visitor
Topic Author
Posts: 59
Joined: Sun Feb 05, 2023 4:38 pm
Location: Italy

Re: Hairpin NAT, wrong login, show IP of router

Tue Sep 24, 2024 3:13 pm

I solved it by disabling the NAS port forwarding and Hairpin NAT. Now I am accessible from outside and I see the local IPs logging in.

 3 X  ;;; HARPING NAT
      chain=srcnat action=masquerade dst-address=192.168.240.10 src-address-list=filtered log=no log-prefix="" 

 4 X  ;;; OLD
      chain=dstnat action=dst-nat to-addresses=192.168.240.10 to-ports=XXX protocol=tcp in-interface=pppoe dst-port=XXX log=no log-prefix="" 

 5    ;;; NEW
      chain=dstnat action=dst-nat to-addresses=192.168.240.10 to-ports=XXX protocol=tcp dst-address-list=PublicIP dst-port=XXX log=no log-prefix=""
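
Added example, not part of any post in this thread: if the hairpin masquerade rule stays enabled, one way to find the PC behind the router address is to set `log=yes` with a `log-prefix` on that srcnat rule and correlate the router's firewall log with the NAS failed-login times. The log line layout, the prefix `hairpin`, the interface names, port 5001, the vlan100 subnet, and all timestamps and client addresses below are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"
NAS_IP = "192.168.240.10"

# Constructed router log lines (assumed layout), as logged by the hairpin
# srcnat rule before the source is rewritten to 192.168.240.1.
ROUTER_LOG = """\
2024-09-19 10:02:11 firewall,info hairpin srcnat: in:vlan100 out:vlan200, proto TCP (SYN), 192.168.100.23:51234->192.168.240.10:5001, len 52
2024-09-19 10:02:40 firewall,info hairpin srcnat: in:vlan200 out:vlan200, proto TCP (SYN), 192.168.240.57:49800->192.168.240.10:5001, len 52
2024-09-19 10:07:03 firewall,info hairpin srcnat: in:vlan100 out:vlan200, proto TCP (SYN), 192.168.100.23:51302->192.168.240.10:5001, len 52
"""

# Constructed NAS failed-login times; the NAS itself only records 192.168.240.1.
NAS_FAILED = ["2024-09-19 10:02:15", "2024-09-19 10:02:41", "2024-09-19 10:07:05"]

LINE = re.compile(
    r"^(\S+ \S+) \S+ hairpin \S+: .*?"
    r"(\d+\.\d+\.\d+\.\d+):\d+->(\d+\.\d+\.\d+\.\d+):\d+"
)

def parse_router_log(text, nas_ip=NAS_IP):
    """Return (time, original client IP) for each logged connection to the NAS."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == nas_ip:
            conns.append((datetime.strptime(m.group(1), TS), m.group(2)))
    return conns

def attribute(failed, conns, window=timedelta(seconds=60)):
    """Map each failed login to the clients that connected shortly before it.

    More than one candidate means the window is ambiguous and the entry
    needs a manual look (or a tighter window / synchronized clocks).
    """
    out = {}
    for stamp in failed:
        ts = datetime.strptime(stamp, TS)
        out[stamp] = sorted(
            {ip for t, ip in conns if timedelta(0) <= ts - t <= window}
        )
    return out

if __name__ == "__main__":
    for stamp, ips in attribute(NAS_FAILED, parse_router_log(ROUTER_LOG)).items():
        print(stamp, "->", ips or "no matching connection")
```

The correlation is only as good as the clock agreement between router and NAS, so both should use the same NTP source.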