destination nat with dynamic ip

dana1975 · August 6, 2009, 9:11pm

i this case i need to map an valid IP address to my web server
provider give me 10Dynamic ip address per each line
i know the dst-nat with static ip

/ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat to-addresses=192.168.100.28
/ip firewall nat add chain=srcnat src-address=192.168.100.28 action=src-nat to-addresses=10.5.8.200

but i dont have any static ip
can anybody help me to assign an ip to my webserver
also i need to use dynamic dns to resolve this webserver

thanks
DANA 1.jpg

mrz · August 7, 2009, 6:10am

You have to write a script that checks if address is changed and change NAT rules:
http://wiki.mikrotik.com/wiki/Scripting-examples#Check_if_IP_on_interface_have_changed

You can use Changeip or EveryDNS for dynamic DNS
http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_EveryDNS
http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_ChangeIP.com

dana1975 · August 7, 2009, 9:19am

thank you for replay
but my problem is different
i don’t have any static IP to dst-nat, only provider have IPs and give us with his dhcp server
my question exactly is how can i do the dst-nat for my webserver without knowing the public ip?

mrz · August 7, 2009, 9:24am

This is exactly the situation that you have - provider givers you dynamic IP address. So you have to run a script which will check what ip address is set on interface by dhcp server and then script will set that ip address in nat rules.

dana1975 · August 7, 2009, 12:00pm

i explain my situation more and write exactly command that i use
ether1=connect to lan
ether2,3,4=dhcp-client
ether2=ip2,gw2 ether3=ip3,gw3 ether4=ip4,gw4

/ip address add interface=ether1 address=192.168.100.1/24 disabled=no

/ip dhcp-client add interface=ether2 use-peer-dns=yes add-default-route=yes disabled=no
/ip dhcp-client add interface=ether3 use-peer-dns=yes add-default-route=yes disabled=no
/ip dhcp-client add interface=ether4 use-peer-dns=yes add-default-route=yes disabled=no


/ip firewall nat add chain=srcnat action=masquerade disabled=no
/ip route add dst-address=0.0.0.0/0 gateway=gw1,gw2,gw3

now we need 2 ip to assign ether2,first for ether2 and second for destination nat to 192.168.100.28
when i want to run this command

/ip dhcp-client add interface=ether2 use-peer-dns=yes add-default-route=yes disabled=no

MikroTik say to me :" Could not add new dhcp client- dhcp-client on that interface already exists(7)

how can i have 2 IP address and use one of them to dst-nat for my webserver
i write another time that i don’t have static ip and only provider have it ang give us only with his dhcp server

mrz · August 7, 2009, 12:12pm

Well, dhcp client can add only one IP address per interface.

dana1975 · August 7, 2009, 12:39pm

and how can i do dst-nat?

Chupaka · August 7, 2009, 12:44pm

you cannot add two or more dhcp-clients to one interface

you may try to use bridge to your client, so that your client receive an IP address from your provider’s server

mrz · August 7, 2009, 12:45pm

If you can’t get second IP then you can’t set dst nat

One option is to bridge public interface with interface where web server is connected. THat way server will get one of addresses that provider assigned to you and no DST-NAT is needed.

Another option is to use metarouter to get another IP.
http://wiki.mikrotik.com/wiki/Metarouter

dana1975 · August 7, 2009, 1:12pm

Chupaka it’s correct, but if i use bridge i can’t use load balancing in my webserver
by this way only webserver can have valid ip address
i right ?

Chupaka · August 7, 2009, 1:16pm

what kind of load-balancing do you need for web-server?.. you are running two parallel web-servers?..

dana1975 · August 10, 2009, 2:42am

no dear friend
only i use 3512KB upload bandwidth
i connect 3(1536/512) to mikrotik and also connect webserver to mikrotik(lan ether)
i want to use all upload bandwidth by load balancing
if i use bridge between 2 interface i can’t use all BW upload for my webserver

Chupaka · August 10, 2009, 7:52am

at first, you should use DNS load-balancing on your three addresses of those three connections - you cannot upload via different uplinks with one src-address, I believe - your ISP will block that

dana1975 · September 7, 2009, 8:03pm

how can i configure DNS load-balancing?

Chupaka · September 7, 2009, 10:04pm

simply add several ‘A’ records to the DNS server which hosts your domain

dsalinas · March 19, 2010, 6:25pm

any help creating the script to work with the nat rules and dynamic Public IP? my configuration is only one public ip that change every 24h.

the idea is to have the server behind mikrotik for security reasons…

thanks in advance…

WarMaster · October 7, 2021, 11:09am

I really wish Mikrotik would implement a relative IP reference to a source or destination field in the firewall/NAT enviroment.

Cisco ASA has an option to just refer to the interface as an IP source or destination which in turn points to the IP adres(ses) given to that particular interface weither this IP is static or dynamic.

Working with scripts on network devices to get basic stuff like this working always gives me the heebie jeebies.

Chupaka · October 7, 2021, 2:32pm

What’s wrong with, for example,

in-interface=WAN-1 dst-address-type=local

?

WarMaster · October 13, 2021, 10:54am

That’s exactly what I mean! Rather than defining a new field (dst-address-type) I would suggest using the dst-address field to also accept “local” as a valid entry next to an IP address.

Or even beter; The dst-address field should accept an interface name as relative designation for an IP address. Perhaps there are situations where one would want to refer to a dynamic IP on another interface.

Chupaka · October 13, 2021, 12:43pm

But then it needs to be renamed to “dst”, for example. As neither type nor interface are not addresses