problem in schedular NAT

eghtedari2000 · January 30, 2010, 8:36pm

hi

i configured a schedular NAT on my routers but until i dont disconnect the user manualy the service for the doesnt stop.

can any body help me?

Chupaka · January 30, 2010, 11:14pm

please explain in more details…

eghtedari2000 · January 31, 2010, 2:06pm

i have a free service for night that thet user is a local user in router the username is “night@night”

this service is 2-7 a.m.

but when you connected from 2 A.M. till the admin kill the user manualy the user can use the service and doesnt stop automatically.

i configured in router that the NAT od that IP pool work from 2-7 A.M.

fewi · January 31, 2010, 4:48pm

Can you start new downloads after the schedule expires, or is it just that connections started before it expired keep going even afterwards? NAT is only applied at the beginning of the connection and then read from a state table, the rule is not consulted again. Instead of scheduling the NAT rule try scheduling a firewall filter rule instead.

eghtedari2000 · February 1, 2010, 10:28am

Dear friend

you are right, i start ping to 4.2.2.1 from 6:45 and after 7:00 i have ping but after 7:00 i wanted to ping yahoo.com it doesnt have ping.

can you guide me more about your offer?

Chupaka · February 1, 2010, 11:38am

post your config. in general, you should do the same scheduler as for NAT, but for Firewall Filter with chain=forward

eghtedari2000 · February 1, 2010, 3:07pm

hi

thanks alot

can you help me more about configuration that you said at top, aout schedular firewall and chain-forwars?

thanks

Chupaka · February 1, 2010, 3:40pm

eghtedari2000 · February 2, 2010, 8:20am

Dear Friend

thanks alot for your support

which part of router s config do you need?

and you need that in terminal mode?

thanks

Chupaka · February 2, 2010, 10:05am

this part of config, of course

eghtedari2000 · February 2, 2010, 2:39pm

hi

i configured that via winbox, can you send me configuration for schedular firewall

thanks

Chupaka · February 2, 2010, 3:17pm

in Terminal, use ‘export’ command in any submenu (for example, ‘/ip firewall nat export’)

eghtedari2000 · February 3, 2010, 11:35am

Dear Friend

Thanks alot from you and excuse me because of latency and ask much of questions from you because of i am not too expert

/ip firewall nat
add action=src-nat chain=srcnat comment=“” disabled=no src-address=192.168.171.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment=“” disabled=no src-address=192.168.132.0/24 src-address-type=unicast time=
2h-7h,sun,mon,tue,wed,thu,fri,sat to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment=“” disabled=no src-address=172.16.1.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment=“” disabled=no src-address=172.16.2.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment=“” disabled=no src-address=172.16.3.0/24 to-addresses=78.157.35.154

thanks

fewi · February 3, 2010, 2:51pm

Remove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren’t sure where that is post your “/ip firewall filter” ruleset):

/ip firewall filter
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat 
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat

eghtedari2000 · February 3, 2010, 10:16pm

fewi:

Remove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren’t sure where that is post your “/ip firewall filter” ruleset):
/ip firewall filter
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat 
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat

ok, i will say you the result

eghtedari2000 · February 6, 2010, 10:21pm

eghtedari2000:

fewi:
Remove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren’t sure where that is post your “/ip firewall filter” ruleset):
/ip firewall filter
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat 
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat
ok, i will say you the result

thanks alot dear friend

it works good now

eghtedari2000 · February 9, 2010, 8:48am

eghtedari2000:

eghtedari2000:
fewi:
Remove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren’t sure where that is post your “/ip firewall filter” ruleset):
/ip firewall filter
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat 
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat
ok, i will say you the result
thanks alot dear friend

it works good now

thanks alot for your help, my problem solved, i have some questions about GRE tunneling and privilage for user for view and write in the router. should i open new topic or you help me here?

thanks