dbuzatto
just joined
Topic Author
Posts: 2
Joined: Thu Mar 07, 2024 9:43 pm

Automatic NAT 1:1 Rules Update Script for PPPoE Connections

Thu Mar 07, 2024 9:47 pm

In networks that use PPPoE connections, it's common for the external IP address assigned by the internet service provider to be dynamic, meaning it changes periodically. When this happens, the configured NAT 1:1 (static Network Address Translation) rules on the router need to be updated with the new external IP address to ensure that internal services and devices remain externally accessible without interruptions.

This script aims to automate the update of NAT 1:1 rules whenever the external IP address of the PPPoE connection changes. Unlike masquerade NAT, which is recommended for internet access, NAT 1:1 allows mapping specific internal IP addresses to the external IP, making them accessible from the internet.

Benefits of using NAT 1:1 over Masquerade NAT:

1. **Direct Access to Internal Devices/Services**: With NAT 1:1, you can map specific internal IP addresses to the external IP, allowing direct access to servers, services, or devices on your internal network from the internet.

2. **No Need for Port Forwarding**: Since each internal IP is directly mapped to the external IP, there is no need to configure port forwarding rules, simplifying the setup.

3. **Support for Protocols That Don't Work Well with NAT**: Some protocols or applications may have issues when traversing through masquerade NAT, while they work correctly with NAT 1:1.

Disadvantages of using Masquerade NAT:

1. **Direct Access to Internal Devices Not Possible**: With masquerade NAT, you cannot directly access devices or services on your internal network from the internet unless you manually configure port forwarding rules.

2. **Issues with Some Protocols**: Certain protocols or applications may face difficulties when passing through masquerade NAT, requiring additional configurations.

Script Functionalities:

1. **Automatic IP Change Detection**: The script monitors the PPPoE interface and obtains the currently assigned external IP address.

2. **NAT 1:1 Rules Update**: Whenever a new external IP address is detected, the script locates and updates the existing NAT 1:1 rules on the MikroTik, replacing the old IP address with the new one.

3. **No Interruption of Active Connections**: The script updates only new connections with the new external IP, leaving existing connections unaffected to avoid disruptions.

4. **Automatic Scheduling**: The script is configured to run periodically (e.g., every minute) through the MikroTik's scheduler, ensuring that the NAT 1:1 rules are always up-to-date.

How to Use:

1. Copy the script code and create a new script in MikroTik through the "System > Scripts" menu.

2. In the script configuration, ensure you mark the "Don't Require Permissions" option.

3. Create a new task in the MikroTik scheduler ("System > Scheduler") to run the script periodically (e.g., every minute).

4. Verify that the existing NAT 1:1 rules on the MikroTik are correctly configured for the PPPoE interface and the internal IP addresses you want to make externally accessible.

With this script implemented, you won't have to worry about manually updating the NAT 1:1 rules whenever the external IP address of the PPPoE connection changes, keeping your internal services and devices reliably and efficiently accessible from the outside.
# Create a new script called 'update-nat-rule'
# Mark it as not requiring special permissions to run
/system script
add dont-require-permissions=yes name=update-nat-rule owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{
    # Variable holding the name of the PPPoE interface
    :local pppoeIf \"pppoe\";

    # Get the current IP address of the PPPoE interface (returned as a.b.c.d/nn)
    :local pppoeAddr [:tostr [/ip address get [find interface=\$pppoeIf] address]];
    # Strip the prefix length; to-addresses takes a bare address
    :set pppoeAddr [:pick \$pppoeAddr 0 [:find \$pppoeAddr \"/\"]];

    # Update the NAT rule with the new IP address
    /ip firewall nat set [find action=src-nat chain=srcnat out-interface=\$pppoeIf] to-addresses=\$pppoeAddr;
}"

# Create a new scheduler task to run the script every minute
/system scheduler
add interval=1m name=update-nat-rule on-event=update-nat-rule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-03-07 start-time=11:01:00
 
rextended
Forum Guru
Posts: 12014
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Automatic NAT 1:1 Rules Update Script for PPPoE Connections

Fri Mar 08, 2024 3:37 pm

3. **No Interruption of Active Connections**: The script updates only new connections with the new external IP, leaving existing connections unaffected to avoid disruptions.
bullshit: if the IP changes, the previous connection to an IP that no longer exists doesn't make the slightest sense.

4. **Automatic Scheduling**: The script is configured to run periodically (e.g., every minute) through the MikroTik's scheduler, ensuring that the NAT 1:1 rules are always up-to-date.
bullshit: there is already the part for scripts in the pppoe profile, just use the appropriate function without creating useless scripts or schedulers.


The script is poorly thought out.
Ignoring orrorgraphy, it updates the IP every minute, causing unnecessary continuous writes to the internal memory.

Also ignoring that it is the wrong method, it should at least check first if ip is the same as before.
But surprise: specifying the IP in the firewall rule is useless without considering the rest of the context.
If the outgoing pppoe interface has only one IP, it doesn't make any sense to specify it, so it is all useless.
 
dbuzatto
just joined
Topic Author
Posts: 2
Joined: Thu Mar 07, 2024 9:43 pm

Re: Automatic NAT 1:1 Rules Update Script for PPPoE Connections

Thu Mar 28, 2024 4:35 am

Hi,

Thanks for your feedback on my script. You raised some valid points that I hadn't considered.

I agree that the script could be improved by checking the current IP before updating the NAT rule and avoiding updating the rule every minute.

However, I still believe that the script can be useful for automating the update of NAT 1:1 rules when the external IP changes. It is relevant to use NAT 1:1 in corporate environments, and you may not have yet dealt with a scenario where you needed to use it and the IP changes constantly on PPPoE.

I will make the following changes to the script to address your concerns:

Check the current IP before updating the NAT rule.
Increase the time interval between IP checks to avoid unnecessary writes to internal memory.

Thanks again for your feedback. I appreciate your help in making the script better.

# Get the current IP address of the PPPoE interface (returned as a.b.c.d/nn) and strip the prefix length
:local pppoeCidr [:tostr [/ip address get [find interface="pppoe"] address]]
:local pppoeAddr [:pick $pppoeCidr 0 [:find $pppoeCidr "/"]]

# If the current IP address differs from the IP set in the NAT rule, update the rule
# (the rule is matched without to-addresses=1.2.3.4, which would stop matching after the first update)
:local natRule [/ip firewall nat find action=src-nat chain=srcnat out-interface="pppoe"]
:if ([:tostr [/ip firewall nat get $natRule to-addresses]] != $pppoeAddr) do={
/ip firewall nat set $natRule to-addresses=$pppoeAddr
}
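
The points raised in this thread (compare before writing, avoid needless writes, trigger on the link event), combined into one script body. This is an added example, not code from either poster. It assumes the interface name "pppoe" used in the posts and is meant to be called from the PPP profile's on-up script that the reply mentions, or from a scheduler entry.

```routeros
# Added example: script body for "update-nat-rule".
# Assumption: the PPPoE client interface is named "pppoe", as in the thread.
# Assumption: the read and write policies cover every command used here, so
# the script can be saved with policy=read,write and without
# dont-require-permissions=yes.
:local pppoeIf "pppoe"
:local addrIds [/ip address find interface=$pppoeIf]

:if ([:len $addrIds] = 0) do={
    # Link is down or has no address yet: leave the NAT rules untouched
    # instead of writing an empty or stale value into them.
    :log warning ("update-nat-rule: no address on " . $pppoeIf)
} else={
    # "address" is returned as a.b.c.d/nn; keep only the part before "/".
    :local cidr [:tostr [/ip address get [:pick $addrIds 0] address]]
    :local wanIp [:pick $cidr 0 [:find $cidr "/"]]

    # Check each matching rule on its own and write only when the stored
    # value differs, so a run with an unchanged address writes nothing.
    :foreach id in=[/ip firewall nat find chain=srcnat action=src-nat out-interface=$pppoeIf] do={
        :local current [:tostr [/ip firewall nat get $id to-addresses]]
        :if ($current != $wanIp) do={
            /ip firewall nat set $id to-addresses=$wanIp
            # Log the change so an unexpected rewrite shows up in review.
            :log info ("update-nat-rule: to-addresses " . $current . " -> " . $wanIp)
        }
    }
}
```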
