Basic port forwarding problem with dynamic IP address

Gollum · January 31, 2012, 8:43pm

We are encountering a problem with port forwarding using the following script:

/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-address=180.180.127.xxx dst-port=81 to-addresses=192.168.123.65 to-ports=81
add chain=dstnat action=dst-nat protocol=tcp dst-address=180.180.127.xxx dst-port=9000 to-addresses=192.168.123.65 to-ports=9000
add chain=dstnat action=dst-nat protocol=udp dst-address=180.180.127.xxx dst-port=9000 to-addresses=192.168.123.65 to-ports=9000

/ip firewall filter
add chain=forward action=accept protocol=tcp dst-address=192.168.123.65 dst-port=81,9000
add chain=forward action=accept protocol=udp dst-address=192.168.123.65 dst-port=9000

The problem is that everytime the router restarts we get a different external IP address, we have a DynDNS free account with a script that runs each reboot to update theDynDNS hostname, how can we put a variable like $currentIP. In place of the 180.180.127.xxx in the script.

Sent from my tablet using Tapatalk

nest · January 31, 2012, 8:51pm

How about changing the Destination IP address for an in-interface?

/ip firewall nat 
add action=dst-nat chain=dstnat disabled=no dst-port=81 in-interface=ether1-public protocol=tcp to-addresses=192.168.123.65 to-ports=81

Although, this does not help if you’re allocated say a /29 block. A netmap might be worth trying, but never tried it in your particular scenario.

Gollum · February 2, 2012, 7:59am

Thanks Nest
I tried your suggestion but that didn’t work

I’m new to these Routers

This is our DynDNS Script - which works incidentally:

Set needed variables

:local username “username”
:local password “password”
:local hostname “dyndnshost”

:global dyndnsForce
:global previousIP

print some debug info

:log info (“UpdateDynDNS: username = $username”)
:log info (“UpdateDynDNS: hostname = $hostname”)
:log info (“UpdateDynDNS: previousIP = $previousIP”)

get the current IP address from the internet (in case of double-nat)

/tool fetch mode=http address=“checkip.dyndns.org” src-path=“/” dst-path=“/dyndns.checkip.html”
:local result [/file get dyndns.checkip.html contents]

parse the current IP result

:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result “” -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info “UpdateDynDNS: currentIP = $currentIP”

Remove the # on next line to force an update every single time - useful for debugging, but you could end up getting blacklisted by DynDNS!

#:set dyndnsForce true

Determine if dyndns update is needed

more dyndns updater request details available at http://www.dyndns.com/developers/specs/syntax.html

:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
:set dyndnsForce false
:set previousIP $currentIP
/tool fetch user=$username password=$password mode=http address=“members.dyndns.org” src-path=“/nic/update?hostname=$hostname&myip=$currentIP” dst-path=“/dyndns.txt”
:local result [/file get dyndns.txt contents]
:log info (“UpdateDynDNS: Dyndns update needed”)
:log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
:put ("Dyndns Update Result: ".$result)
} else={
:log info (“UpdateDynDNS: No dyndns update needed”)

What I would like to do is put the variable? $currentIP into the Port Forwarding script as so that every time the IP changes the port forward script will update.

Gollum · February 2, 2012, 12:03pm

An update this is the situation:

1 - Fibreoptic internet going to Modem
2 - Modem linked to Eth1/PoE port of Mikrotik router81
3 - DVR hooked up to Eth4 port of MikroTik router
4 - Linksys Wireless router hooked up to Eth2 port of MikroTik router

In the MikroTik router we have the above DynDNS script running at boot time on the router, this seems to be working, we have a port forward script running at boot time on the router this has the problem as described iin above post, we now have discovered a further little hiccup.

We can access the DVR directly using it’s local IP address and port 81 from within the LAN
We can access the DVR directly using it’s DynDNS.org alias and port 81 from within the LAN
We can NOT access the DVR from outside the LAN using it’s DynDNS.org alias and port 81 (i.e. from another network) over the internet, we get error page not found
We can access the router using theDynDNS alias from outside the LAN using it’s DynDNS.org alias and get the router home page, obviously something is awry in my script

This problem is getting somewhat critical as we had it working as aboveuntil the ISP in it’s infinite wisdon decided to come in and replace the MikroTik router with one of it’s own POS routers. We are now discussing with the customer is whether to change ISP as one of the other ISP’s offers the same or similar package with a combined cable modem/wireless router, and I have configured these with the DVR on numerous occassions with no hassles.

Gollum · February 7, 2012, 5:28am

Problem solved

Changed the IP/Firewall to in-interface = pppoe-out 1 and problem is resloved. Stays consistant after reboot