Community discussions

MikroTik App
 
ollit
newbie
Topic Author
Posts: 25
Joined: Tue May 23, 2017 3:14 pm

NAT - where is the Problem?

Sun Aug 06, 2017 11:42 pm

Hello,

Internal Address: 10.251.0.0/24
External Address: x.x.x.x
Online IP: 10.251.0.10

I have NAT a /24 Subnet to one external IP. That works fine for the Online IP. In the Subnet only work/is online 1 IP.
I don't understand the Log.

22:35:49 firewall,info forward: in:vrrp8 out:sfp-sfpplus8, src-mac bc:16:65:f9:cc:80, proto TCP (SYN), 37.139.50.4:54356->10.251.0.20:8545, NAT 37.139.50.4:54356->(x.x.x.x:8545->10.251.0.20:8545), len 40
22:36:24 firewall,info forward: in:vrrp8 out:sfp-sfpplus8, src-mac bc:16:65:f9:cc:80, proto TCP (SYN), 111.121.193.254:41798->10.251.0.142:8083, NAT 111.121.193.254:41798->(x.x.x.x:8083->10.251.0.142:8083), len 40
22:37:01 firewall,info forward: in:vrrp8 out:sfp-sfpplus8, src-mac bc:16:65:f9:cc:80, proto UDP, 51.15.70.57:5234->10.251.0.174:8090, NAT 51.15.70.57:5234->(x.x.x.x:8090->10.251.0.174:8090), len 433

How can from a remote address NAT to an internal Address over NAT that is not online ( only one IP is configures )

Kind Regards
Oliver
 
ollit
newbie
Topic Author
Posts: 25
Joined: Tue May 23, 2017 3:14 pm

Re: NAT - where is the Problem?

Sun Aug 06, 2017 11:46 pm

Sorry, for my bad english.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2989
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: NAT - where is the Problem?

Sun Aug 06, 2017 11:51 pm

We need more information to help you.
If you use VRRP then I suspect that you have quite complex configuration. Could you export it and show it us?
 
ollit
newbie
Topic Author
Posts: 25
Joined: Tue May 23, 2017 3:14 pm

Re: NAT - where is the Problem?

Sun Aug 06, 2017 11:59 pm

Export file is not possible, there is probability that I Change not all ( Passwords, Preshared Keys, External IP Addresses )

Can I give on other way more informations?

The external IP Addresses are on a VRRP Interface.
 
ollit
newbie
Topic Author
Posts: 25
Joined: Tue May 23, 2017 3:14 pm

Re: NAT - where is the Problem?

Mon Aug 07, 2017 12:04 am

Is it possible a bug? I use 6.40.

After I Change from /24 to /32 all logs shows the right Internal IP.
But if I use a second internal IP, what should I do than?
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2989
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: NAT - where is the Problem?

Mon Aug 07, 2017 11:39 am

If you ask if it could be a bug then the answer is "Yes, it could be" but ..

A. Are you sure that you have no NAT rule which redirects packets to 10.251.0.20 or 10.251.0.142 or 10.251.0.174?
B. As it is forward chain then I suspect that that is "returning" stream of data to PC or other devices which have started communication sending data via VRRP interface which have had been masquaraded. Just quessing as we have no configuration of your device ... even simple drawing what, where and how is configured.
 
ollit
newbie
Topic Author
Posts: 25
Joined: Tue May 23, 2017 3:14 pm

Re: NAT - where is the Problem?

Mon Aug 07, 2017 4:27 pm

Hello,

A. Yes, I'm sure, there are no NAT rule which other IPs. Only the /24 ( current /32 ).
Additional Information. The Subnet 10.251.0.0/24 is for some L2TP Connetion. At the Moment only for 10.251.0.10 ( only on L2TP )
B. Only one L2TP Tunnel has the IP 10.251.0.10, so no other Device can started communication sendig data via VRRP.

After I change from /24 to /32 I see in the logfile that the output Interface change to the correct Interface ( out:l2tp )

Before I change the subnet, the output Interface was the parent Interface for the VRRP Interface.

I change the subnet in NAT. No IP from the subnet is configure in the MT. The IP is only available after connect via L2TP.

Who is online

Users browsing this forum: Techsystem, vingjfg, yonutm and 31 guests