Adam,

Coming late to this party; I've been out of the loop for the last week. I'll get my notes together on Monday and post my poor boy's method I've been using with our MikroTik PPPoE servers. I don't see a reason why it wouldn't work with DHCP on anything else, since it is based on traffic flow.

In a nutshell: I'm using traffic flow and a small flow collector I wrote using Perl. Nothing fancy, it just dumps the NAT stuff to text files based on date and hour to keep them small. This is all being done on a Windows computer. If I need to look something up, I can usually find it in about 5-10 minutes using the "find" command at a prompt. I'll get into more detail on Monday.

-- 
Best regards,
Mark                          mailto:[email protected]
Myakka Technologies, Inc.
www.MyakkaTech.com

Proud Sponsor of the Myakka City Relay For Life
http://www.RelayForLife.org/MyakkaCityFL
Please Donate at http://www.myakkatech.com/RFL.html

------ Tuesday, December 27, 2016, 4:45:00 PM, you wrote:

AM> A recent thread about a subpoena made me wonder.
AM> Historically this hasn't been an issue for me because I've had
AM> access to enough public IPs...but it might become an issue soon.
AM>
AM> Has anybody set up CGN with appropriate logging on Mikrotik?
AM> I'm thinking you would have to log every set of src-ip,
AM> dst-ip, src-port, and dst-port for each connection that a customer
AM> opens. Does simply checking the "log" checkbox on the srcnat rule
AM> generate enough data or is there more to it?
AM>
AM> Has anybody tried the method on the wiki
AM> (http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444) where
AM> you assign a range of port numbers to each private IP? The idea
AM> is you don't have to log everything at that point because you know
AM> that a connection from port x corresponds to private IP y. Then
AM> you just need to keep track of who has which private IP. It seems
AM> like this would have a side effect of limiting the number of
AM> simultaneous connections a single customer could open....maybe not
AM> a bad thing.
AM>
AM> Thanks,
AM> Adam
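The deterministic port-block approach Adam asks about, worked through end to end as an added example (this is not Mark's Perl collector, not Adam's setup, and not the MikroTik wiki's rule generator). The customer range, public pool, port range and DHCP lease records are all constructed for the illustration; the RouterOS rule string mirrors the shape the wiki page uses but is an assumption to check against your own RouterOS version. The point it makes concrete: once each private host owns a fixed (public IP, port range), a subpoena for "public IP X, source port Y, at time T" is answered by arithmetic plus a lease lookup, no per-connection log needed; the block width is exactly the per-customer cap on concurrent sessions per protocol; and ports outside the allocated blocks map to nobody, which is the answer you want when the far end reports a port you never handed out.

```python
"""Deterministic port-block CGNAT: who was behind a public (ip, port) at time T?

Added illustration for the thread above. Every address, pool, port range and
lease record here is constructed for the example, not taken from the list.
"""
import ipaddress
from datetime import datetime
from typing import List, Optional, Tuple

# --- assumed deployment parameters (constructed) -----------------------------
PRIVATE_NET = ipaddress.ip_network("100.64.0.0/24")      # customer side, RFC 6598 space
PUBLIC_POOL = [ipaddress.ip_address("203.0.113.1"),       # public side, TEST-NET-3
               ipaddress.ip_address("203.0.113.2")]
FIRST_PORT, LAST_PORT = 1024, 65535                        # leave well-known ports unused


class PortBlockCgnat:
    """Fixed (public IP, port block) per private host, so no per-connection log is needed."""

    def __init__(self, private_net, public_pool, first_port=FIRST_PORT, last_port=LAST_PORT):
        self.hosts = list(private_net.hosts())
        self.pool = list(public_pool)
        self.first_port = first_port
        # ceil(hosts / public IPs): how many customers share one public address
        self.per_public = -(-len(self.hosts) // len(self.pool))
        # block width doubles as the cap on concurrent sessions per customer per protocol
        self.width = (last_port - first_port + 1) // self.per_public
        if self.width < 1:
            raise ValueError("not enough ports for this many customers per public IP")

    def forward(self, private_ip) -> Tuple[ipaddress.IPv4Address, int, int]:
        """Private host -> (public IP, first port, last port) of its block."""
        i = self.hosts.index(ipaddress.ip_address(private_ip))
        pub = self.pool[i // self.per_public]
        lo = self.first_port + (i % self.per_public) * self.width
        return pub, lo, lo + self.width - 1

    def reverse(self, public_ip, port: int) -> Optional[ipaddress.IPv4Address]:
        """(public IP, source port seen by the far end) -> private host, or None.
        None covers unknown public IPs, ports below first_port and the unused tail
        of ports above the last allocated block."""
        try:
            pool_idx = self.pool.index(ipaddress.ip_address(public_ip))
        except ValueError:
            return None
        slot = (port - self.first_port) // self.width
        if port < self.first_port or slot >= self.per_public:
            return None
        i = pool_idx * self.per_public + slot
        return self.hosts[i] if i < len(self.hosts) else None

    def routeros_rule(self, private_ip, protocol="tcp") -> str:
        """One srcnat rule in the shape the MikroTik wiki's CGNAT page generates
        (assumed syntax; verify against your RouterOS version before pasting)."""
        pub, lo, hi = self.forward(private_ip)
        return (f"/ip firewall nat add chain=srcnat action=src-nat protocol={protocol} "
                f"src-address={private_ip} to-addresses={pub} to-ports={lo}-{hi}")


# --- "who has which private IP": constructed lease records -------------------
# (private_ip, client MAC, lease start, lease end or None if still active)
LEASES: List[Tuple[str, str, str, Optional[str]]] = [
    ("100.64.0.5", "aa:bb:cc:00:00:01", "2016-12-27T00:00:00", "2016-12-27T12:00:00"),
    ("100.64.0.5", "aa:bb:cc:00:00:02", "2016-12-27T12:00:00", None),
]


def who_had(private_ip, at: str) -> Optional[str]:
    """Client MAC that held private_ip at time `at` (ISO 8601), or None."""
    t = datetime.fromisoformat(at)
    for ip, mac, start, end in LEASES:
        if ip == str(private_ip) and datetime.fromisoformat(start) <= t and (
                end is None or t < datetime.fromisoformat(end)):
            return mac
    return None


def answer_subpoena(nat: PortBlockCgnat, public_ip, port: int, at: str):
    """Full chain: public (ip, port) -> private IP -> subscriber holding it at that time."""
    priv = nat.reverse(public_ip, port)
    return (priv, who_had(priv, at)) if priv is not None else (None, None)


if __name__ == "__main__":
    nat = PortBlockCgnat(PRIVATE_NET, PUBLIC_POOL)
    print(nat.routeros_rule("100.64.0.5"))
    print(answer_subpoena(nat, "203.0.113.1", 3100, "2016-12-27T16:45:00"))
```

With 254 customers over two public addresses, each customer gets 507 ports; that number is the trade-off Adam describes, and it shrinks linearly as you pack more customers onto a public IP. The lease table is the one thing you still have to keep, and it needs the lease end time, not just the start, or the lookup above cannot distinguish two subscribers who held the same private IP on the same day.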
