BassTeQ
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 19, 2018 5:52 am

Find specific NAT rule

Fri Jan 15, 2021 12:55 am

Hello, from the command line I need to be able to find a specific nat rule, any ideas on what I may be doing wrong?
[admin@MikroTik] > /ip firewall nat print [/ip firewall nat find dst-port="55882"]
expected end of command (line 1 column 24)
Thanks
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Find specific NAT rule

Fri Jan 15, 2021 1:01 am

/ip firewall nat print where dst-port="55882"
 
BassTeQ
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 19, 2018 5:52 am

Re: Find specific NAT rule

Fri Jan 15, 2021 5:06 am

/ip firewall nat print where dst-port="55882"
Thank you very much!
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Find specific NAT rule

Fri Jan 15, 2021 9:42 am

To use it in a script, use find:
/ip firewall nat find where dst-port="55882"
To test it out and see what rule number it is:
:put [/ip firewall nat find where dst-port="55882"]
But in a script rule number changes, so to get the line:
:put [/ip firewall nat get [/ip firewall nat find where dst-port="55882"]]
Or shorten some.
:put [/ip firewall nat get [find where dst-port="55882"]]
:put is only used to show the output, you can store it to a variable or use it in a loop etc.

To only get one field of data, like the comments.
:put [/ip firewall nat get [find where dst-port="55882"] comment]
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Find specific NAT rule

Fri Jan 15, 2021 2:30 pm

That is a strange request.
Are you using winbox??

If so, just go to IP FIREWALL and select NAT.
Then if you don't have destination port showing on the columns, add it using the far right selector (typically shows ALL as default choice).
If you click on dst nat header in the column it will change to sequential order etc... quite easy to read...
 
BassTeQ
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 19, 2018 5:52 am

Re: Find specific NAT rule

Thu Jan 21, 2021 4:55 am

That is a strange request.
Are you using winbox??

No I'm using the command via SSH from another server to GET and SET a specific firewall rule

How would I edit the to-ports field for a given rule, eg
/ip firewall nat set to-ports="12345" where comment="TEST RULE"
Thanks
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Find specific NAT rule

Thu Jan 21, 2021 5:18 pm

You need to find the rule, then set the port, so

Set command
/ip firewall nat set "rule number" to-ports=12345
To find the "rule number"
/ip firewall nat find where comment="TEST RULE"
So combined
/ip firewall nat set [/ip firewall nat find where comment="TEST RULE"] to-ports=12345
This can be shortened some, since you already specify the path in the outer command.
/ip firewall nat set [find where comment="TEST RULE"] to-ports=12345
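
For the SSH-from-another-server case raised in this thread, an added example (not part of any post here and not MikroTik's code): a Python helper that builds the set/find command with an allowlisted comment, a validated port, and a guard that refuses to act unless exactly one rule matches. The function names, the admin@192.0.2.1 target and the 64-character allowlist are assumptions.

```python
import re

# Assumption of this example: rule comments are restricted to this allowlist.
# Excluding quotes, brackets, ";", "$" and "\" means an interpolated value can
# never close the RouterOS string or open a nested [command].
_SAFE_COMMENT = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def build_set_to_ports(comment, port):
    """Build one RouterOS line that sets to-ports on the single NAT rule whose
    comment equals `comment`, and raises a script error otherwise."""
    if not isinstance(comment, str) or not _SAFE_COMMENT.fullmatch(comment):
        raise ValueError(f"unsafe rule comment: {comment!r}")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    # "set [find ...]" changes every rule find returns, so count matches first
    # and refuse to touch zero or several rules.
    return (
        f':local ids [/ip firewall nat find where comment="{comment}"]; '
        ":if ([:len $ids] = 1) do={ "
        f"/ip firewall nat set $ids to-ports={port} "
        '} else={ :error "expected exactly one matching NAT rule" }'
    )


def ssh_argv(target, command):
    """argv for subprocess.run(); passing a list keeps the local shell out of
    it, so "$ids" reaches the router unexpanded."""
    if target.startswith("-"):
        raise ValueError("target must not look like an ssh option")
    return ["ssh", "-o", "BatchMode=yes", target, command]


if __name__ == "__main__":
    # Constructed sample: user "admin" on a documentation-range address.
    cmd = build_set_to_ports("TEST RULE", 12345)
    print(ssh_argv("admin@192.0.2.1", cmd))
```

Because a non-matching or ambiguous comment ends in :error rather than a silent no-op, the calling server can log the failure instead of assuming the rule was changed.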
 
BassTeQ
Frequent Visitor
Topic Author
Posts: 51
Joined: Fri Jan 19, 2018 5:52 am

Re: Find specific NAT rule

Fri Jan 22, 2021 1:59 am

This can be shortened some, since you already specify the path in the outer command.
/ip firewall nat set [find where comment="TEST RULE"] to-ports=12345

Perfect thank you very much for your assistance!
 
shafiqrahman
Member Candidate
Posts: 132
Joined: Wed Apr 12, 2017 1:42 am

Re: Find specific NAT rule

Thu May 20, 2021 5:50 pm

Is this argument correct?
:if ([/ip firewall nat get [find where comment=pihole_bypass] disabled]=yes) do={
Seems, like the only thread discussing nat get find :D
 
anav
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Find specific NAT rule

Thu May 20, 2021 5:55 pm

That is a strange request.
Are you using winbox??

No I'm using the command via SSH from another server to GET and SET a specific firewall rule

How would I edit the to-ports field for a given rule, eg
/ip firewall nat set to-ports="12345" where comment="TEST RULE"
Thanks
That is what a more properly worded question/requirement should look like.
We can only work with what is provided. Thanks for the clarification.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Find specific NAT rule

Thu May 20, 2021 7:00 pm

Is this argument correct?
:if ([/ip firewall nat get [find where comment=pihole_bypass] disabled]=yes) do={
Seems, like the only thread discussing nat get find :D
what mess... :))

you want:
/ip fire nat
:if ( [get [find where comment="pihole_bypass"] disabled] = yes) do={
  :put "pihole_bypass disabled"
 } else={
  :put "pihole_bypass enabled"
 }

# *** or ***

/ip fire nat
:if ( [:len [find where comment="pihole_bypass" and disabled=yes] ] > 0) do={
  :put "all or at least one pihole_bypass disabled"
 } else={
  :put "all pihole_bypass enabled or none exist"
 }
 
shafiqrahman
Member Candidate
Posts: 132
Joined: Wed Apr 12, 2017 1:42 am

Re: Find specific NAT rule

Thu May 20, 2021 7:58 pm

Thank you, @rextended, for clearing out the mess again :)) :D Actually, that line was a part of fallback script. I am still ironing out again :D
/ip fire nat
:if ( [get [find where comment="pihole_bypass"] disabled] = yes) do={
  :resolve google.com server=192.168.188.25;
  } on-error={
  :put "pihole_bypass enabled"
 } else={
  :resolve google.com server=192.168.188.25;
  :put "pihole_bypass disabled"
 }
Sorry for hijacking the thread :P
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Find specific NAT rule

Fri May 21, 2021 12:53 am

Thank you, @rextended, for clearing out the mess again :)) :D Actually, that line was a part of fallback script. I am still ironing out again :D
/ip fire nat
:if ( [get [find where comment="pihole_bypass"] disabled] = yes) do={
  :resolve google.com server=192.168.188.25;
  } on-error={
  :put "pihole_bypass enabled"
 } else={
  :resolve google.com server=192.168.188.25;
  :put "pihole_bypass disabled"
 }
Sorry for hijacking the thread :P


mmm.... I think I understand what you want to obtain?
/ip fire nat
:if ( [get [find where comment="pihole_bypass"] disabled] = yes) do={
    :local noerror true
    :put "pihole_bypass is disabled, check if working"
    :do { :resolve google.com server=192.168.188.25
    } on-error={
        :put "unresolvable, pihole still disabled"
        :set $noerror false
    }
    :if ($noerror) do={
        :put "but now is working, enable pihole_bypass"
        set [find where comment="pihole_bypass"] disabled=no
    }
} else={
    :put "pihole_bypass is enabled, check if working"
    :do { :resolve google.com server=192.168.188.25
    } on-error={
        :put "but now do not work and I disable pihole_bypass"
        set [find where comment="pihole_bypass"] disabled=yes
    }
}
 
shafiqrahman
Member Candidate
Posts: 132
Joined: Wed Apr 12, 2017 1:42 am

Re: Find specific NAT rule

Fri May 21, 2021 5:52 am

Kinda, but still not working. The script should enable some NAT rule when pihole is down, and disable it when it is up again. ref:viewtopic.php?f=2&t=174873&p=858144#p858144. For some weird reason the scheduler is doing nothing. But the script was nice though, thank you :D
Update: Solved my issue
:local piholeDown [/ip firewall nat print count-only where comment~"pihole_bypass" && disabled]
:local piholeDNS "192.168.188.25"
:local testDomain "www.google.com"

:if ($piholeDown > 0 ) do={
    :do {
        :resolve $testDomain server=$piholeDNS
    } on-error={
        /ip firewall nat enable [find comment=pihole_bypass];
    }
} else={
    :do {
        :resolve $testDomain server=$piholeDNS
        /ip firewall nat disable [find comment=pihole_bypass];
    } on-error={}
}
