Community discussions

MikroTik App
 
muhanadali
newbie
Topic Author
Posts: 49
Joined: Tue Aug 25, 2020 12:24 pm

i need an script for my mikrotik server

Sat May 01, 2021 3:02 am

please anyone can help me
i need a script that check the local-address of pppoe-client and go to the firewall mangle and add the local-address to src-nat number 0 in dst-address
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:10 am

"to src-nat number 0 in dst-address"

this is not clear for me, src-nat are on NAT, not in mangle
Last edited by rextended on Sat May 01, 2021 4:25 am, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:16 am

use variable $"local-address" inside your script on profile event when pppoe-client go up

I provide to you this example to put on onup event:

/ ip fire man set [find where comment="modifythis" ] dst-address=$"local-address"
 
muhanadali
newbie
Topic Author
Posts: 49
Joined: Tue Aug 25, 2020 12:24 pm

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:22 am

"to src-nat number 0 in dst-address"

this is not clear for me
i mean the local-address that get from script when pppoe-client is up

insert inside a dstnat in firewall nat

my proplem is how to get the local-address from the pppoe-client
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:25 am

"to src-nat number 0 in dst-address"

this is not clear for me
i mean the local-address that get from script when pppoe-client is up

insert inside a dstnat in firewall nat

my proplem is how to get the local-address from the pppoe-client

first paste this on terminal and put on forum the results:
/int pppoe-client export hide-sensitive
after that I can write your script
 
muhanadali
newbie
Topic Author
Posts: 49
Joined: Tue Aug 25, 2020 12:24 pm

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:37 am

"to src-nat number 0 in dst-address"

this is not clear for me
i mean the local-address that get from script when pppoe-client is up

insert inside a dstnat in firewall nat

my proplem is how to get the local-address from the pppoe-client

first paste this on terminal and put on forum the results:
/int pppoe-client export hide-sensitive
after that I can write your script
that's results
/interface pppoe-client
add comment=E+ interface=Lan1 name=pppoe-out1 user=2015@najaftop52x
add comment="E+ Qasimq" interface=Lan2 max-mtu=1500 name=pppoe-out2 user=\
    qasimq@najaf
[admin@MikroTik] > 
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:38 am

what of your 2 pppoe-client must modify the nat rule?
 
muhanadali
newbie
Topic Author
Posts: 49
Joined: Tue Aug 25, 2020 12:24 pm

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:42 am

what of your 2 pppoe-client must modify the nat rule?
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.140.70.16 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.2 comment=1
add action=dst-nat chain=dstnat dst-address=10.140.70.19 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.3 comment=2
these 2 nat
the dst-address changed with local-address of the pppoe-client
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:45 am

what of your 2 pppoe-client must modify the nat rule?
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=10.140.70.16 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.2 comment=1
add action=dst-nat chain=dstnat dst-address=10.140.70.19 dst-port=80,443 \
    protocol=tcp to-addresses=10.20.20.3 comment=2
these 2 nat
the dst-address changed with local-address of the pppoe-client
ok, both nat, one from ppp client 1 and other from 2?
I'm writing the script, do not go away
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 4:54 am

OK, paste this on terminal:
/ppp profile
add change-tcp-mss=yes name="default autoNAT 1" on-up="/ip fire nat set [find where comment=\"changeMe1\" ] dst-address=\$\"local-address\""
add change-tcp-mss=yes name="default autoNAT 2" on-up="/ip fire nat set [find where comment=\"changeMe2\" ] dst-address=\$\"local-address\""
now modify NAT rules:
change/set NAT rule comment to exactly "changeMe1" (without quotes) where dst-address must be set with pppoe-client1 IP and
change/set NAT rule comment to exactly "changeMe2" (without quotes) where dst-address must be set with pppoe-client2 IP

with the next instruction, probably your connection can be disconnected for some seconds:
with winbox on "PPP" / "interface" open pppoe-out1 and on "Dial Out" tab change "Profile" from "default" to "default autoNAT 1"
now open pppoe-out2 and change again "Profile" from "default" to "default autoNAT 2"

from now everytime one of your pppoe-client change IP or go up (after go down) the IP on NAT are updated.
(if you need, you can comment more than one NAT line, or also no one, with same "changeMe" comment, and all are updated at same time without change the script)

If for some reason the NAT rule or comment are removed or changed, nothing happen.
 
muhanadali
newbie
Topic Author
Posts: 49
Joined: Tue Aug 25, 2020 12:24 pm

Re: i need an script for my mikrotik server

Sat May 01, 2021 5:13 am

OK, paste this on terminal:
/ppp profile
add change-tcp-mss=yes name="default autoNAT 1" on-up="/ip fire nat set [find where comment=\"changeMe1\" ] dst-address=\$\"local-address\""
add change-tcp-mss=yes name="default autoNAT 2" on-up="/ip fire nat set [find where comment=\"changeMe2\" ] dst-address=\$\"local-address\""
now modify NAT rules:
change/set NAT rule comment to exactly "changeMe1" (without quotes) where dst-address must be set with pppoe-client1 IP and
change/set NAT rule comment to exactly "changeMe2" (without quotes) where dst-address must be set with pppoe-client2 IP

with the next instruction, probably your connection can be disconnected for some seconds:
with winbox on "PPP" / "interface" open pppoe-out1 and on "Dial Out" tab change "Profile" from "default" to "default autoNAT 1"
now open pppoe-out2 and change again "Profile" from "default" to "default autoNAT 2"

from now everytime one of your pppoe-client change IP or go up (after go down) the IP on NAT are updated.
(if you need, you can comment more than one NAT line, or also no one, with same "changeMe" comment, and all are updated at same time without change the script)

If for some reason the NAT rule or comment are removed or changed, nothing happen.
you are amazing
it's working , thank you very much
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i need an script for my mikrotik server

Sat May 01, 2021 5:20 am

P.S.:

for those who ask:

change-tcp-mss=yes is the "default" behavior of "default" rule.
For some reason creating new profile without change-tcp-mss=yes specified, do not set change-tcp-mss=yes...
Must be specified on creation of profile.

Who is online

Users browsing this forum: andrep, boocko, mtkvvv and 45 guests