We bought 2048 IPs to kick the can down the road for a year or so, but this is 
going to become a high priority.
Dennis or someone is going to make a fortune with “IPv6 in a box” solutions once 
there is a method that is reliable and easy to adopt.

From: Adam Moffett 
Sent: Tuesday, December 27, 2016 2:45 PM
To: Animal Farm 
Subject: [AFMUG] Mikrotik - Carrier Grade NAT methods

A recent thread about a subpoena made me wonder.  Historically this hasn't been 
an issue for me because I've had access to enough public IPs... but it might 
become an issue soon.

Has anybody set up CGN with appropriate logging on Mikrotik?
I'm thinking you would have to log every set of src-ip, dst-ip, src-port, and 
dst-port for each connection that a customer opens.  Does simply checking the 
"log" checkbox on the srcnat rule generate enough data or is there more to it?

Has anybody tried the method on the wiki 
(http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444)
 where you assign a range of port numbers to each private IP?  The idea is you 
don't have to log everything at that point because you know that a connection 
from port x corresponds to private ip y.  Then you just need to keep track of 
who has which private IP.  It seems like this would have a side effect of 
limiting the number of simultaneous connections a single customer could 
open... maybe not a bad thing.

Thanks,
Adam
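
Added example, not part of the original thread or the MikroTik wiki: a sketch of the port-range method asked about above, showing how a fixed block of source ports per private IP lets an observed public IP and port be mapped back to the private IP by arithmetic instead of per-connection logs. The address ranges, the 1000-port block size, the 1024 starting port and the CgnPlan name are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class CgnPlan:
    private_net: str           # CGN-side subscriber addresses
    public_ips: tuple          # public addresses the srcnat rules translate to
    ports_per_sub: int = 1000  # assumed block size per private IP
    port_base: int = 1024      # assumed first port handed out

    @property
    def blocks_per_public(self):
        return (65536 - self.port_base) // self.ports_per_sub

    def _hosts(self):
        hosts = list(ipaddress.ip_network(self.private_net).hosts())
        if len(hosts) > self.blocks_per_public * len(self.public_ips):
            raise ValueError("not enough public IP/port blocks for this private range")
        return hosts

    def forward(self):
        """Yield (private_ip, public_ip, first_port, last_port) per subscriber."""
        for i, priv in enumerate(self._hosts()):
            pub_idx, slot = divmod(i, self.blocks_per_public)
            first = self.port_base + slot * self.ports_per_sub
            yield (str(priv), self.public_ips[pub_idx],
                   first, first + self.ports_per_sub - 1)

    def reverse(self, public_ip, src_port):
        """Map an observed public ip:port to its private IP, or None if unassigned."""
        if public_ip not in self.public_ips or src_port < self.port_base:
            return None
        slot = (src_port - self.port_base) // self.ports_per_sub
        if slot >= self.blocks_per_public:
            return None  # leftover ports above the last full block
        hosts = self._hosts()
        i = self.public_ips.index(public_ip) * self.blocks_per_public + slot
        return str(hosts[i]) if i < len(hosts) else None

# Constructed sample values: RFC 6598 shared space inside, documentation range outside.
PLAN = CgnPlan("100.64.0.0/25", ("203.0.113.10", "203.0.113.11"))

if __name__ == "__main__":
    for row in list(PLAN.forward())[:3]:
        print(row)
    print(PLAN.reverse("203.0.113.11", 2023))
```

The reverse lookup only identifies the private IP; a record of which customer held that private IP at the time in question is still needed, as the message notes.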
