i need an script for my mikrotik server

muhanadali · May 1, 2021, 12:02am

please anyone can help me
i need a script that check the local-address of pppoe-client and go to the firewall mangle and add the local-address to src-nat number 0 in dst-address

rextended · May 1, 2021, 1:10am

“to src-nat number 0 in dst-address”

this is not clear for me, src-nat are on NAT, not in mangle

rextended · May 1, 2021, 1:16am

use variable $“local-address” inside your script on profile event when pppoe-client go up

I provide to you this example to put on onup event:

/ ip fire man set [find where comment=“modifythis” ] dst-address=$“local-address”

muhanadali · May 1, 2021, 1:22am

i mean the local-address that get from script when pppoe-client is up

insert inside a dstnat in firewall nat

my proplem is how to get the local-address from the pppoe-client

rextended · May 1, 2021, 1:25am

first paste this on terminal and put on forum the results:

/int pppoe-client export hide-sensitive

after that I can write your script

muhanadali · May 1, 2021, 1:37am

"to src-nat number 0 in dst-address"

this is not clear for me

i mean the local-address that get from script when pppoe-client is up

insert inside a dstnat in firewall nat

my proplem is how to get the local-address from the pppoe-client

first paste this on terminal and put on forum the results:
/int pppoe-client export hide-sensitive
after that I can write your script

that's results

/interface pppoe-client
add comment=E+ interface=Lan1 name=pppoe-out1 user=2015@najaftop52x
add comment="E+ Qasimq" interface=Lan2 max-mtu=1500 name=pppoe-out2 user=\
    qasimq@najaf
[admin@MikroTik] >

rextended · May 1, 2021, 1:38am

what of your 2 pppoe-client must modify the nat rule?

muhanadali · May 1, 2021, 1:42am

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.140.70.16 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.2 comment=1
add action=dst-nat chain=dstnat dst-address=10.140.70.19 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.3 comment=2

these 2 nat
the dst-address changed with local-address of the pppoe-client

rextended · May 1, 2021, 1:45am

what of your 2 pppoe-client must modify the nat rule?
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.140.70.16 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.2 comment=1
add action=dst-nat chain=dstnat dst-address=10.140.70.19 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.3 comment=2
these 2 nat
the dst-address changed with local-address of the pppoe-client

ok, both nat, one from ppp client 1 and other from 2?
I'm writing the script, do not go away

rextended · May 1, 2021, 1:54am

OK, paste this on terminal:

/ppp profile
add change-tcp-mss=yes name="default autoNAT 1" on-up="/ip fire nat set [find where comment=\"changeMe1\" ] dst-address=\$\"local-address\""
add change-tcp-mss=yes name="default autoNAT 2" on-up="/ip fire nat set [find where comment=\"changeMe2\" ] dst-address=\$\"local-address\""

now modify NAT rules:
change/set NAT rule comment to exactly “changeMe1” (without quotes) where dst-address must be set with pppoe-client1 IP and
change/set NAT rule comment to exactly “changeMe2” (without quotes) where dst-address must be set with pppoe-client2 IP

with the next instruction, probably your connection can be disconnected for some seconds:
with winbox on “PPP” / “interface” open pppoe-out1 and on “Dial Out” tab change “Profile” from “default” to “default autoNAT 1”
now open pppoe-out2 and change again “Profile” from “default” to “default autoNAT 2”

from now everytime one of your pppoe-client change IP or go up (after go down) the IP on NAT are updated.
(if you need, you can comment more than one NAT line, or also no one, with same “changeMe” comment, and all are updated at same time without change the script)

If for some reason the NAT rule or comment are removed or changed, nothing happen.

muhanadali · May 1, 2021, 2:13am

OK, paste this on terminal:
/ppp profile
add change-tcp-mss=yes name="default autoNAT 1" on-up="/ip fire nat set [find where comment=\"changeMe1\" ] dst-address=\$\"local-address\""
add change-tcp-mss=yes name="default autoNAT 2" on-up="/ip fire nat set [find where comment=\"changeMe2\" ] dst-address=\$\"local-address\""
now modify NAT rules:
change/set NAT rule comment to exactly "changeMe1" (without quotes) where dst-address must be set with pppoe-client1 IP and
change/set NAT rule comment to exactly "changeMe2" (without quotes) where dst-address must be set with pppoe-client2 IP

with the next instruction, probably your connection can be disconnected for some seconds:
with winbox on "PPP" / "interface" open pppoe-out1 and on "Dial Out" tab change "Profile" from "default" to "default autoNAT 1"
now open pppoe-out2 and change again "Profile" from "default" to "default autoNAT 2"

from now everytime one of your pppoe-client change IP or go up (after go down) the IP on NAT are updated.
(if you need, you can comment more than one NAT line, or also no one, with same "changeMe" comment, and all are updated at same time without change the script)

If for some reason the NAT rule or comment are removed or changed, nothing happen.

you are amazing
it's working , thank you very much

rextended · May 1, 2021, 2:20am

P.S.:

for those who ask:

change-tcp-mss=yes is the “default” behavior of “default” rule.
For some reason creating new profile without change-tcp-mss=yes specified, do not set change-tcp-mss=yes…
Must be specified on creation of profile.