We are encountering a problem with port forwarding using the following script:
/ip firewall nat
add chain=dstnat action=dst-nat protocol=tcp dst-address=180.180.127.xxx dst-port=81 to-addresses=192.168.123.65 to-ports=81
add chain=dstnat action=dst-nat protocol=tcp dst-address=180.180.127.xxx dst-port=9000 to-addresses=192.168.123.65 to-ports=9000
add chain=dstnat action=dst-nat protocol=udp dst-address=180.180.127.xxx dst-port=9000 to-addresses=192.168.123.65 to-ports=9000
/ip firewall filter
add chain=forward action=accept protocol=tcp dst-address=192.168.123.65 dst-port=81,9000
add chain=forward action=accept protocol=udp dst-address=192.168.123.65 dst-port=9000
The problem is that everytime the router restarts we get a different external IP address, we have a DynDNS free account with a script that runs each reboot to update theDynDNS hostname, how can we put a variable like $currentIP. In place of the 180.180.127.xxx in the script.
Sent from my tablet using Tapatalk
Re: Basic port forwarding problem with dynamic IP address
How about changing the Destination IP address for an in-interface?
Although, this does not help if you're allocated say a /29 block. A netmap might be worth trying, but never tried it in your particular scenario.
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=81 in-interface=ether1-public protocol=tcp to-addresses=192.168.123.65 to-ports=81Re: Basic port forwarding problem with dynamic IP address
Thanks Nest
I tried your suggestion but that didn't work
I'm new to these Routers
This is our DynDNS Script - which works incidentally:
# Set needed variables
:local username "username"
:local password "password"
:local hostname "dyndnshost"
:global dyndnsForce
:global previousIP
# print some debug info
:log info ("UpdateDynDNS: username = $username")
:log info ("UpdateDynDNS: hostname = $hostname")
:log info ("UpdateDynDNS: previousIP = $previousIP")
# get the current IP address from the internet (in case of double-nat)
/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]
# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "UpdateDynDNS: currentIP = $currentIP"
# Remove the # on next line to force an update every single time - useful for debugging, but you could end up getting blacklisted by DynDNS!
#:set dyndnsForce true
# Determine if dyndns update is needed
# more dyndns updater request details available at http://www.dyndns.com/developers/specs/syntax.html
:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
:set dyndnsForce false
:set previousIP $currentIP
/tool fetch user=$username password=$password mode=http address="members.dyndns.org" src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/dyndns.txt"
:local result [/file get dyndns.txt contents]
:log info ("UpdateDynDNS: Dyndns update needed")
:log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
:put ("Dyndns Update Result: ".$result)
} else={
:log info ("UpdateDynDNS: No dyndns update needed")
What I would like to do is put the variable? $currentIP into the Port Forwarding script as so that every time the IP changes the port forward script will update.
I tried your suggestion but that didn't work
I'm new to these Routers
This is our DynDNS Script - which works incidentally:
# Set needed variables
:local username "username"
:local password "password"
:local hostname "dyndnshost"
:global dyndnsForce
:global previousIP
# print some debug info
:log info ("UpdateDynDNS: username = $username")
:log info ("UpdateDynDNS: hostname = $hostname")
:log info ("UpdateDynDNS: previousIP = $previousIP")
# get the current IP address from the internet (in case of double-nat)
/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]
# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "UpdateDynDNS: currentIP = $currentIP"
# Remove the # on next line to force an update every single time - useful for debugging, but you could end up getting blacklisted by DynDNS!
#:set dyndnsForce true
# Determine if dyndns update is needed
# more dyndns updater request details available at http://www.dyndns.com/developers/specs/syntax.html
:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
:set dyndnsForce false
:set previousIP $currentIP
/tool fetch user=$username password=$password mode=http address="members.dyndns.org" src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/dyndns.txt"
:local result [/file get dyndns.txt contents]
:log info ("UpdateDynDNS: Dyndns update needed")
:log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
:put ("Dyndns Update Result: ".$result)
} else={
:log info ("UpdateDynDNS: No dyndns update needed")
What I would like to do is put the variable? $currentIP into the Port Forwarding script as so that every time the IP changes the port forward script will update.
Basic port forwarding problem with dynamic IP address (Updat
An update this is the situation:
1 - Fibreoptic internet going to Modem
2 - Modem linked to Eth1/PoE port of Mikrotik router81
3 - DVR hooked up to Eth4 port of MikroTik router
4 - Linksys Wireless router hooked up to Eth2 port of MikroTik router
In the MikroTik router we have the above DynDNS script running at boot time on the router, this seems to be working, we have a port forward script running at boot time on the router this has the problem as described iin above post, we now have discovered a further little hiccup.
1. We can access the DVR directly using it's local IP address and port 81 from within the LAN
2. We can access the DVR directly using it's DynDNS.org alias and port 81 from within the LAN
3. We can NOT access the DVR from outside the LAN using it's DynDNS.org alias and port 81 (i.e. from another network) over the internet, we get error page not found
4. We can access the router using theDynDNS alias from outside the LAN using it's DynDNS.org alias and get the router home page, obviously something is awry in my script
This problem is getting somewhat critical as we had it working as aboveuntil the ISP in it's infinite wisdon decided to come in and replace the MikroTik router with one of it's own POS routers. We are now discussing with the customer is whether to change ISP as one of the other ISP's offers the same or similar package with a combined cable modem/wireless router, and I have configured these with the DVR on numerous occassions with no hassles.
1 - Fibreoptic internet going to Modem
2 - Modem linked to Eth1/PoE port of Mikrotik router81
3 - DVR hooked up to Eth4 port of MikroTik router
4 - Linksys Wireless router hooked up to Eth2 port of MikroTik router
In the MikroTik router we have the above DynDNS script running at boot time on the router, this seems to be working, we have a port forward script running at boot time on the router this has the problem as described iin above post, we now have discovered a further little hiccup.
1. We can access the DVR directly using it's local IP address and port 81 from within the LAN
2. We can access the DVR directly using it's DynDNS.org alias and port 81 from within the LAN
3. We can NOT access the DVR from outside the LAN using it's DynDNS.org alias and port 81 (i.e. from another network) over the internet, we get error page not found
4. We can access the router using theDynDNS alias from outside the LAN using it's DynDNS.org alias and get the router home page, obviously something is awry in my script
This problem is getting somewhat critical as we had it working as aboveuntil the ISP in it's infinite wisdon decided to come in and replace the MikroTik router with one of it's own POS routers. We are now discussing with the customer is whether to change ISP as one of the other ISP's offers the same or similar package with a combined cable modem/wireless router, and I have configured these with the DVR on numerous occassions with no hassles.
Re: Basic port forwarding problem with dynamic IP address
Problem solved
Changed the IP/Firewall to in-interface = pppoe-out 1 and problem is resloved. Stays consistant after reboot
Changed the IP/Firewall to in-interface = pppoe-out 1 and problem is resloved. Stays consistant after reboot
Who is online
Users browsing this forum: No registered users and 17 guests