ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.11.0/24 to-addresses=8.8.8.135
Please help me create a script:
The IP address 8.8.8.129 should change by itself at RANDOM within the range 8.8.8.129/25 every hour.
Thanks.
Hello
This cannot be achieved in RouterOS. However, you can create rules for different to-addresses
and open and close them through a script.
Use the masquerade option; it is used for dynamic connections.
src-nat is used for static connections.
Thanks for the answer. Please give an example of the rules and script. I am a beginner. Thanks.
First you must add a rule:
/ip firewall nat
add action=src-nat chain=srcnat comment=1 disabled=no src-address=192.168.11.0/24 to-addresses=8.8.8.129
:do {
#set rules comment
:local com "1"
#set start count
:local start "129"
#set ip address prefix
:local prefix "8.8.8."
/ip firewall nat
:foreach a in=[find comment=$com] do={
:local cuip [get $a to-addresses]
:local aa [:pick $cuip 6 9]
:if ($aa!="254") do={
:local bb ($aa+1)
set $a to-addresses=($prefix.$bb)
}
:if ($aa="254") do={
:local bb $start
set $a to-addresses=($prefix.$bb)
}}}
What the code means:
every hour the to-addresses is set to
8.8.8.129
8.8.8.130
8.8.8.131
8.8.8.132
8.8.8.133 … up to 8.8.8.254
If the to-addresses is 8.8.8.254,
the code will set the to-addresses to 8.8.8.129 and restart.
ROS cannot set a random address, but you can set a different address per hour if you use the code.
Thank you very much, the script is working perfectly.
Good job.
How do you apply this code?
:do {
#set rules comment
:local com "1"
#set start count
:local start "129"
#set ip address prefix
:local prefix "8.8.8."
/ip firewall nat
:foreach a in=[find comment=$com] do={
:local cuip [get $a to-addresses]
:local aa [:pick $cuip 6 9]
:if ($aa!="254") do={
:local bb ($aa+1)
set $a to-addresses=($prefix.$bb)
}
:if ($aa="254") do={
:local bb $start
set $a to-addresses=($prefix.$bb)
}}}
The code works perfectly when the to-address is 8.8.8.
But when we change the IP address to 192.168.16., the code is unable to change the to-address.
Kindly check the code.
Tested on a CCR-1009 with version 6.29.
Thanks
The problem here is with pick command - picking from 6th digit to 9th digit works fine with “8.8.8.x” but it fails with higher IPs because starting from 6th to 9th digit for IP “192.168.16.x” will give you different output (6.1)
Best solution is to use Bitwise operators to only take specific part of IP
For example:
{
:local IP 8.8.8.8
:put (($IP&0.0.0.255))
}
will always give you last 8 bits of IP.
Here is working code for all IP formats:
{
:local com "1"
:local cuip
:local start "129"
:local end
:local endNum
:local first
:local firstNum
:local nextIP
:while (true) do={
  :delay 60m;
  :foreach a in=[/ip firewall nat find where comment=$com] do={
    :set $cuip [/ip firewall nat get $a to-addresses];
    ###Get last
    :set $end ($cuip&0.0.0.255);
    :set $first ($cuip&255.255.255.0);
    :set $endNum [:pick $end 6 ([:len $end])];
    :set $firstNum [:pick $first 0 ([:len $first]-2)];
    :if ($endNum>=129 && $endNum<=253) do={:set $endNum ($endNum +1);}
    :if ($endNum=254) do={:set $endNum $start;}
    :set $nextIP ($firstNum.".".$endNum);
    /ip firewall nat set $a to-addresses="$nextIP";
  }
}
}
This script will change all NAT rules with comment="1", changing the to-address end from 129-253.
It will not change the to-address if the IP end is less than 129.
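The fixed-offset failure and the mask-based fix from the reply above, modelled in Python as an added example (not part of the original post and not RouterOS script). The function names and the `low`/`high` parameters are assumptions that generalize the thread's 129 to 254 rotation to any /24 prefix.

```python
import ipaddress

def pick_last_octet(ip: str, start: int = 6, end: int = 9) -> str:
    """Model of ':pick $cuip 6 9': a fixed character slice of the dotted string."""
    return ip[start:end]

def split_by_mask(ip: str):
    """Model of ($cuip&255.255.255.0) and ($cuip&0.0.0.255).

    Returns (network part as IPv4Address, last octet as int), independent of
    how many characters each octet occupies in the dotted string.
    """
    value = int(ipaddress.IPv4Address(ip))
    return ipaddress.IPv4Address(value & 0xFFFFFF00), value & 0xFF

def next_address(ip: str, low: int = 129, high: int = 254) -> str:
    """Advance the last octet by one inside [low, high], wrapping high -> low.

    Addresses whose last octet is outside the range are returned unchanged,
    so a rule pointing somewhere unexpected is never silently rewritten.
    """
    network, last = split_by_mask(ip)
    if not low <= last <= high:
        return ip
    nxt = low if last == high else last + 1
    return str(network + nxt)

if __name__ == "__main__":
    # Constructed sample addresses, not taken from a real router.
    for sample in ("8.8.8.129", "8.8.8.254", "192.168.16.200", "192.168.16.5"):
        network, last = split_by_mask(sample)
        print(f"{sample:16} slice={pick_last_octet(sample)!r:7} "
              f"mask=({network}, {last}) next={next_address(sample)}")
```
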
$IP&0.0.0.255
Very cool!!!
IMHO, this should be documented in the Wiki, preferably with some example like that. Right now, the bitwise operators give off the impression they work only for integers, and not between two IPs (which I understand are treated as integers “under the hood”, but still - the fact this treatment takes place is not intuitive).
Yes, this will work with both Integer and IP data types. OK, thanks, I will add some examples to the wiki.
Hello Mr.PaulsMT,
Thanks for your quick reply.
The above script is working perfectly.
Can anyone help provide a script to change the IP's last digit from 10-254, resetting back to 1 after .254?
We would like to do this for different sets of IP blocks, not only 8.8.8.x
Why would someone change the public IP?
This will just give a range of unused IPv4 addresses, which we do not have a lot of.