Community discussions

MikroTik App
 
jone8880
newbie
Topic Author
Posts: 28
Joined: Tue Jun 23, 2009 12:35 am

How to?: dynamic purpose of the public IPs via NAT

Tue Aug 18, 2009 8:22 pm

I've use mikrotik like boarder gate, shaper, bgp. My billing via ssh do only one thing - add and remove ip address "X" to address-list "Y". Now I need dynamic assign public ip adresses for local adresses from address-list via NAT. For example: pool "one" 95.95.95.0/24. When 192.168.1.1 add to address list "one". Script must make next:
1) get free ip from pool "one"
2)make 2 nat rules: src-nat 192.168.1.1 to 95.95.95.100; dst-nat 95.95.95.100 to 192.168.1.1
3) when ip 192.168.1.1 remove from address list "one" - - nat rules must remove.


How to do it?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8370
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to?: dynamic purpose of the public IPs via NAT

Thu Aug 20, 2009 4:21 am

I think, it's easier, if your billing via ssh will do one more thing - add and remove NAT rules =)

it's even more logical
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
jone8880
newbie
Topic Author
Posts: 28
Joined: Tue Jun 23, 2009 12:35 am

Re: How to?: dynamic purpose of the public IPs via NAT

Fri Aug 21, 2009 1:23 am

many operation step-by-step.. in 5 time more..possible will sending 5 line in one frame via ssh?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to?: dynamic purpose of the public IPs via NAT

Fri Aug 21, 2009 1:31 am

Pool management can be surprisingly tricky to script. How do you determine that an address is unused and is available for 1:1 NAT? What happens if a customer extends a contract but the IP address is already booked for someone else? Certainly doable, but some work.

If at all possible I think it'd be much easier if you simply didn't NAT those addresses but rather implemented a second network (VLAN?) that is all public for customers that require public addresses. Then you're back to just adding addresses to adress-lists to permit traffic for them.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to?: dynamic purpose of the public IPs via NAT

Fri Aug 21, 2009 1:41 am

Though I guess if you can spare the publics and don't ever use them for anything else, another alternative would be to simply 1:1 NAT all the public IPs you have to known private IPs, and to always keep those rules. Just don't assign those privates to any customer that didn't pay for a public. If you have no other use for the publics, why dynamically configure them every time?
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Who is online

Users browsing this forum: No registered users and 41 guests