Mikrotik UDP masquerade?
Good day.
I am turning to you because I myself do not know in which direction to look for a solution. The situation is the following. There is an office in which a PPTP server is running. There are several remote sites where Mikrotik routers are located, whose main task is to bring up a PPTP connection to the office and forward certain UDP traffic through the tunnel. Everything seems to be working correctly: UDP traffic is wrapped in the tunnel and normally reaches our server. But there is one problem: incoming packets have the wrong sender address, i.e. some packets are not masqueraded at all (src-address contains an address from Mikrotik's local network), some packets are masqueraded with the WAN address (src-address contains the address received from the provider), and some packets arrive with the correct address. Since some of the services that run in the office send response traffic to the address of the sender of the packet,
For clarity, here are the settings of one of the routers:
/ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.5.1/24 192.168.5.0 lan-master
1 D 172.28.44.44/24 172.28.44.0 wan
2 D 192.168.1.176/32 192.168.1.50 pptp-office
/ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 79.134.0.224/28 172.28.44.1 10
1 ADS 172.16.0.0/12 172.28.44.1 10
2 ADC 172.28.44.0/24 172.28.44.44 wan 0
3 ADS 192.168.0.0/16 172.28.44.1 10
4 A S 192.168.1.0/24 pptp-office 3
6 ADC 192.168.1.50/32 192.168.1.176 pptp-office 0
7 ADC 192.168.5.0/24 192.168.5.1 lan-master 0
/ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=pptp-office
[email protected]:~$ tcpdump -qni ppp1
12:05:05.654126 IP 172.28.44.44.1004 > 192.168.1.214.1004: UDP, length 4
12:05:05.654178 IP 172.28.44.44.1004 > 192.168.1.43.1004: UDP, length 4
12:05:05.679792 IP 172.28.44.44.1004 > 192.168.1.214.1004: UDP, length 2
12:05:05.680007 IP 172.28.44.44.1004 > 192.168.1.43.1004: UDP, length 2
12:05:05.683508 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.683547 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.701710 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.701742 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.721987 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.722116 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.727862 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 4
12:05:05.727898 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 4
12:05:05.730461 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 32
12:05:05.730496 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 32
12:05:05.733296 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 32
12:05:05.733328 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 32
[email protected]:~$ tcpdump -qni ppp5
12:09:35.056017 IP 192.168.1.179.4004 > 192.168.1.214.4004: UDP, length 14
12:09:35.056051 IP 192.168.1.179.4004 > 192.168.1.43.4004: UDP, length 14
12:09:35.098550 IP 192.168.13.254.1025 > 192.168.1.214.6666: UDP, length 4
12:09:35.098589 IP 192.168.13.254.1025 > 192.168.1.215.6666: UDP, length 4
12:09:35.115159 IP 192.168.13.254.1025 > 192.168.1.214.6666: UDP, length 4
12:09:35.115196 IP 192.168.13.254.1025 > 192.168.1.215.6666: UDP, length 4
12:09:35.144055 IP 192.168.13.254.1025 > 192.168.1.214.6666: UDP, length 4
12:09:35.144091 IP 192.168.13.254.1025 > 192.168.1.215.6666: UDP, length 4
12:09:35.159975 IP 192.168.13.254.1025 > 192.168.1.214.6666: UDP, length 4
12:09:35.160008 IP 192.168.13.254.1025 > 192.168.1.215.6666: UDP, length 4
12:09:35.164412 IP 192.168.13.78.1003 > 192.168.1.214.1003: UDP, length 4
12:09:35.164446 IP 192.168.13.78.1003 > 192.168.1.215.1003: UDP, length 4
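As an added example (not code from the question's author, from Mikrotik, or from any answer on this page), the following Python script audits a `tcpdump -qni` capture taken on the office side of the tunnel and labels each packet's source address by which of the remote router's addresses it carries. The LAN subnet, WAN address and tunnel address are taken from the `/ip address` output above; the ppp1 capture lines are the ones shown above, and the single 192.168.5.20 line is a constructed sample of a packet that was not masqueraded at all. A per-destination-port breakdown is included because the accepted answer ties the misbehaviour to the UDP port in use.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Addressing of the remote router, taken from the /ip address output in the question.
LAN_NET = ipaddress.ip_network("192.168.5.0/24")       # lan-master
WAN_ADDR = ipaddress.ip_address("172.28.44.44")         # wan (provider address)
TUNNEL_ADDR = ipaddress.ip_address("192.168.1.176")     # pptp-office local address

# Matches the "tcpdump -qni" one-line UDP format:
#   HH:MM:SS.usec IP src.sport > dst.dport: UDP, length N
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)

# Capture lines from the ppp1 tcpdump above, plus one constructed line
# (192.168.5.20) representing a packet that leaked out with its LAN address.
SAMPLE_CAPTURE = """
12:05:05.654126 IP 172.28.44.44.1004 > 192.168.1.214.1004: UDP, length 4
12:05:05.654178 IP 172.28.44.44.1004 > 192.168.1.43.1004: UDP, length 4
12:05:05.679792 IP 172.28.44.44.1004 > 192.168.1.214.1004: UDP, length 2
12:05:05.680007 IP 172.28.44.44.1004 > 192.168.1.43.1004: UDP, length 2
12:05:05.683508 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.683547 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.701710 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.701742 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.721987 IP 172.28.44.44.1005 > 192.168.1.214.1005: UDP, length 4
12:05:05.722116 IP 172.28.44.44.1005 > 192.168.1.43.1005: UDP, length 4
12:05:05.727862 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 4
12:05:05.727898 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 4
12:05:05.730461 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 32
12:05:05.730496 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 32
12:05:05.733296 IP 192.168.1.176.4002 > 192.168.1.214.4002: UDP, length 32
12:05:05.733328 IP 192.168.1.176.4002 > 192.168.1.43.4002: UDP, length 32
12:05:05.740000 IP 192.168.5.20.1006 > 192.168.1.214.1006: UDP, length 4
""".strip().splitlines()


def classify_src(src: str) -> str:
    """Label a source address by which of the router's addresses it is."""
    ip = ipaddress.ip_address(src)
    if ip == TUNNEL_ADDR:
        return "tunnel-ok"            # masqueraded to the pptp-office address, as intended
    if ip == WAN_ADDR:
        return "wan-masqueraded"      # masqueraded, but with the provider-facing address
    if ip in LAN_NET:
        return "lan-not-masqueraded"  # left the tunnel with its original LAN address
    return "other"


def parse_line(line: str):
    """Parse one tcpdump -qni UDP line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]), "length": int(m["len"]),
    }


def audit(lines):
    """Return (label counts, list of packets whose source is not the tunnel address)."""
    counts = Counter()
    offending = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        label = classify_src(pkt["src"])
        counts[label] += 1
        if label != "tunnel-ok":
            offending.append((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], label))
    return counts, offending


def labels_by_port(lines):
    """Map each destination UDP port to the set of source labels seen for it."""
    result = defaultdict(set)
    for line in lines:
        pkt = parse_line(line)
        if pkt is not None:
            result[pkt["dport"]].add(classify_src(pkt["src"]))
    return dict(result)


if __name__ == "__main__":
    counts, offending = audit(SAMPLE_CAPTURE)
    print(dict(counts))
    for entry in offending:
        print("not tunnel-sourced:", entry)
    print({port: sorted(labels) for port, labels in labels_by_port(SAMPLE_CAPTURE).items()})
```

Run against a real capture by replacing `SAMPLE_CAPTURE` with the lines of `tcpdump -qni pppN`; any label other than `tunnel-ok` is a packet that the srcnat masquerade rule on `pptp-office` did not rewrite the way the question expects, and the per-port view shows whether the mismatch follows particular UDP ports.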
The problem turned out to be a glitch in Mikrotik itself. We changed the port on which the UDP packets were being sent out to another one, and everything worked. We returned the old port, and it continued to work as it should.
The address plan of your network is unclear. Draw a picture of the two routers with their local subnets, write down the addressing (subnets and the addresses on specific interfaces), and attach it here; this will make it easier to analyze the configuration. It should look something like this: www.cisco.com/E-Learning/bulk/public/cln/store/top...