Community discussions

MikroTik App
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

UPnP in load balancing setup

Sun Oct 18, 2020 9:59 pm

Both ISPs are PPPoE clients and have UPnP enabled, but since this is a load balancing setup, sometimes traffic is routed to ISP1, but UPnP opens up for ISP 2 and vice versa.

I'm no good at scripting, to begin with. So I found this: viewtopic.php?p=426711#p426711

Set it to schedule every minute. Works as expected with a small problem.

The script removes any existing "clones" and recreates same clones every minute. This affects online gaming/VoIP as the ports keep getting removed then replicated every minute for a second or two.

If I remove the "#if the vars above are not same, first all old clones are cleaned /ip firewall nat remove [/ip fi nat find comment="UPnP_Cloned"];" then everytime it runs, it will keep on cloning already cloned UPnP dynamic rules. I already have a separate cleanup script that runs once in 24 hours so I don't need this cleanup.

Basically, what I think is best is to make the script exit when it finds existing dynamic NAT rules are already cloned instead of cleaning/re-cloning. How would I go about doing this?

Even if we could accomplish what I need, the script runs every 1 minute (I think it's crazy to set it to run every 1 second) which is a problem for gaming/VoIP inside games.

Is there any proper solution for UPnP with load balancing setup?
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: UPnP in load balancing setup

Tue Oct 20, 2020 12:15 am

Bump... Anyone?
 
Lelik200
just joined
Posts: 22
Joined: Fri Jul 24, 2020 1:48 pm

Re: UPnP in load balancing setup

Wed Oct 21, 2020 1:16 pm

Hello!
I tried to write "FUTURE VERSION" but cannot test.
And i use "in-interface" matcher instead of "dst-address=<WAN 2 IP>".

:local wan2InterfName "ether2"
:local RuleComment "UPnP_Cloned"
:local I
:local J
:local NeedTo

#if rules identical - function is true, else false
:local fnRulesCompare do={
  :local ForReturn false
  /ip firewall nat
  :if ([get $rule1 protocol]=[get $rule2 protocol]) do={
    :if ([get $rule1 dst-port]=[get $rule2 dst-port]) do={
      :if ([get $rule1 to-addresses]=[get $rule2 to-addresses]) do={
        :if ([get $rule1 to-ports]=[get $rule2 to-ports]) do={
          :set ForReturn true
        }
      }
    }
  }
  :return $ForReturn
}

#remove cloned rules not matching any one dynamic rules
:foreach I in=[/ip firewall nat find where comment=$RuleComment] do={
#if there are not any one dynamic rule - "I" will be remuved
  :set NeedTo true
  :foreach J in=[/ip firewall nat find dynamic] do={
#if NeedTo one time set to false - don't back to true
    :if ($NeedTo) do={
#if rules identical - we not need to remove "I"
      :set NeedTo (![$fnRulesCompare rule1=$I rule2=$J])
    }
  }
  :if ($NeedTo) do={
    :do {/ip firewall nat remove $I} on-error={}
  }
}

#clone dynamic rules not alredy cloned
:foreach I in=[/ip firewall nat find dynamic] do={
#if there are not any one cloned rule - "I" will be cloned
  :set NeedTo true
  :foreach J in=[/ip firewall nat find where comment=$RuleComment] do={
    :if ($NeedTo) do={
#if rules identical - we not need to add "I"
      :set NeedTo (![$fnRulesCompare rule1=$I rule2=$J])
    }
  }
  :if ($NeedTo) do={
    :do {
      /ip firewall nat add \
        chain=dstnat \
        protocol=[/ip firewall nat get $I protocol] \
        dst-port=[/ip firewall nat get $I dst-port] \
        in-interface=$wan2InterfName \
        action=dst-nat \
        to-addresses=[/ip firewall nat get $I to-addresses] \
        to-ports=[/ip firewall nat get $I to-ports] \
        comment=$RuleComment
    } on-error={}
  }
}
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: UPnP in load balancing setup

Wed Oct 21, 2020 2:19 pm

Hello!
I tried to write "FUTURE VERSION" but cannot test.
And i use "in-interface" matcher instead of "dst-address=<WAN 2 IP>".

:local wan2InterfName "ether2"
:local RuleComment "UPnP_Cloned"
:local I
:local J
:local NeedTo

#if rules identical - function is true, else false
:local fnRulesCompare do={
  :local ForReturn false
  /ip firewall nat
  :if ([get $rule1 protocol]=[get $rule2 protocol]) do={
    :if ([get $rule1 dst-port]=[get $rule2 dst-port]) do={
      :if ([get $rule1 to-addresses]=[get $rule2 to-addresses]) do={
        :if ([get $rule1 to-ports]=[get $rule2 to-ports]) do={
          :set ForReturn true
        }
      }
    }
  }
  :return $ForReturn
}

#remove cloned rules not matching any one dynamic rules
:foreach I in=[/ip firewall nat find where comment=$RuleComment] do={
#if there are not any one dynamic rule - "I" will be remuved
  :set NeedTo true
  :foreach J in=[/ip firewall nat find dynamic] do={
#if NeedTo one time set to false - don't back to true
    :if ($NeedTo) do={
#if rules identical - we not need to remove "I"
      :set NeedTo (![$fnRulesCompare rule1=$I rule2=$J])
    }
  }
  :if ($NeedTo) do={
    :do {/ip firewall nat remove $I} on-error={}
  }
}

#clone dynamic rules not alredy cloned
:foreach I in=[/ip firewall nat find dynamic] do={
#if there are not any one cloned rule - "I" will be cloned
  :set NeedTo true
  :foreach J in=[/ip firewall nat find where comment=$RuleComment] do={
    :if ($NeedTo) do={
#if rules identical - we not need to add "I"
      :set NeedTo (![$fnRulesCompare rule1=$I rule2=$J])
    }
  }
  :if ($NeedTo) do={
    :do {
      /ip firewall nat add \
        chain=dstnat \
        protocol=[/ip firewall nat get $I protocol] \
        dst-port=[/ip firewall nat get $I dst-port] \
        in-interface=$wan2InterfName \
        action=dst-nat \
        to-addresses=[/ip firewall nat get $I to-addresses] \
        to-ports=[/ip firewall nat get $I to-ports] \
        comment=$RuleComment
    } on-error={}
  }
}
Is there a way to make your script do this:
1. Clone WAN1 dynamic rules to WAN2 and also clone WAN2 to WAN1 because that's the original problem with UPnP anyway
2. Of course, while avoiding cloning already existing clones on either WAN interfaces.

One thing I'm concerned about is flash write cycles. Since it looks like cloned rules aka NAT rules are stored on the flash. What do you think?
 
Lelik200
just joined
Posts: 22
Joined: Fri Jul 24, 2020 1:48 pm

Re: UPnP in load balancing setup

Wed Oct 21, 2020 4:19 pm

Is there a way to make your script do this:
1. Clone WAN1 dynamic rules to WAN2 and also clone WAN2 to WAN1 because that's the original problem with UPnP anyway
2. Of course, while avoiding cloning already existing clones on either WAN interfaces.
I think yes

The original article said:
1. Make the simplest UPnP config for just WAN1
Did you do that? Or do you need to enable upnp for both interfaces?

One thing I'm concerned about is flash write cycles. Since it looks like cloned rules aka NAT rules are stored on the flash. What do you think?
I think there is reason for concern, but if the script does not re-create the rules, it will minimize the load on the flash memory as much as possible.
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: UPnP in load balancing setup

Wed Oct 21, 2020 5:09 pm

Is there a way to make your script do this:
1. Clone WAN1 dynamic rules to WAN2 and also clone WAN2 to WAN1 because that's the original problem with UPnP anyway
2. Of course, while avoiding cloning already existing clones on either WAN interfaces.
I think yes

The original article said:
1. Make the simplest UPnP config for just WAN1
Did you do that? Or do you need to enable upnp for both interfaces?

One thing I'm concerned about is flash write cycles. Since it looks like cloned rules aka NAT rules are stored on the flash. What do you think?
I think there is reason for concern, but if the script does not re-create the rules, it will minimize the load on the flash memory as much as possible.
Yeah, ignore the "WAN1" only idea. That won't play nice with failover, I enabled UPnP for both WAN interfaces. MikroTik support told me enabling UPnP for multiple external interfaces is fine. Just that it works well only in failover, not load balancing.

Regarding Flash memory, in the long run, running this script every minute isn't the wisest thing I think?
 
Lelik200
just joined
Posts: 22
Joined: Fri Jul 24, 2020 1:48 pm

Re: UPnP in load balancing setup

Thu Oct 22, 2020 12:45 am

Regarding Flash memory, in the long run, running this script every minute isn't the wisest thing I think?
I will write an update for the script and we will test it. I hope that changes from UPNP will not be frequent and, accordingly, the load on the flash memory will be small, and it will be the normal, to run this script even often than 1 time at minute.
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: UPnP in load balancing setup

Fri Oct 23, 2020 3:07 am

Regarding Flash memory, in the long run, running this script every minute isn't the wisest thing I think?
I will write an update for the script and we will test it. I hope that changes from UPNP will not be frequent and, accordingly, the load on the flash memory will be small, and it will be the normal, to run this script even often than 1 time at minute.
All right, post the script when it's ready and I'll test it.

Also, I think we need to make use of global variables to fetch the IP address of each interface in my case PPPoE clients since one is dynamic IP for use.
 
DarkNate
Member Candidate
Member Candidate
Topic Author
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: UPnP in load balancing setup

Thu Oct 29, 2020 8:57 pm

Regarding Flash memory, in the long run, running this script every minute isn't the wisest thing I think?
I will write an update for the script and we will test it. I hope that changes from UPNP will not be frequent and, accordingly, the load on the flash memory will be small, and it will be the normal, to run this script even often than 1 time at minute.
@Lelik200 anything yet?

Who is online

Users browsing this forum: aliboy and 22 guests