here´s my rule...but it is like you said with out-Interface...
/ip Firewall nat
add action=masquerade chain=srcnat comment="NAT Loopback" dst-address-list=LocalLAN out-interface=ether2-master-local
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether5-gateway
Ok - it looks like you have hairpin nat enabled. (comment says NAT Loopback)
The logic of this rule was wrong - change dst-address-list=LocalLAN to be src-address-list=LocalLAN
The way you had it configured will always masquerade because the destination of packets going out the lan interface will always be an address from your lan addresses (otherwise, the router would be sending them out some other interface).
So the source was always getting masqueraded.
You only want this to happen when a hairpin nat is taking place (when a LAN host is trying to reach a LAN server, but by using its public IP instead of its LAN ip).
So changing the rule to only apply whenever the source address of the packet is in you LAN addresses list, this rule won't match incoming requests from the Internet, so your logs will show the correct source IP address. Of course, when a LAN user hits the server, it's still going to show the Mikrotik's IP as the source, but there's no way around this because you have to do this for hairpin NAT.