sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 4:55 am

Is there a way to get the router to figure out what the public IP is if it sits behind NAT? Use case scenario: Router has private IP address on WAN interface and is NAT'd to a public IP, need DDNS to register with public IP.

BTW, here is a set up for no-ip to use the no-ip group login when the public IP is assigned to a local interface, easily modified to use single user login. This is tested and working on 7.1x
/system script
add name=DDNS policy=read,write,test

/system script 
edit [/system script find name=DDNS] source
############## Script #########################

:local NOIPUser "<no-ip-group>%3A<username>"
:local NOIPPass "<group-word>"
:local WANInter "ether1"
:local NOIPDomain "<myhost>.no-ip.com"

# Get the current IP on the interface
:local currentIP [/ip address get [find interface="$WANInter" disabled=no] address]

# Strip the net mask off the IP address
   :for i from=( [:len $currentIP] - 1) to=0 do={
       :if ( [:pick $currentIP $i] = "/") do={ 
           :set currentIP [:pick $currentIP 0 $i]
       } 
   }

:if ([:resolve $NOIPDomain] != $currentIP) do={
      /tool fetch mode=http user=$NOIPUser password=$NOIPPass url="http://dynupdate.no-ip.com/nic/update\3Fhostname=$NOIPDomain&myip=$currentIP" keep-result=no
      :log info "NO-IP Update: $NOIPDomain - $currentIP"
}

############### END SCRIPT ####################

/system scheduler add comment="Update DDNS" interval=5m name=ddns_scheduler \
on-event="/system script run DDNS\r\n" policy=read,write,test start-time=startup  
URL and group/user was wrong in original post. Corrected.
Last edited by sbotnick on Thu Aug 17, 2023 3:34 am, edited 2 times in total.
 
TomjNorthIdaho
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho

Re: Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 5:01 am

To find out the public IP address your networks are NATting to, go to www.whatismyipaddress.com
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 6:41 am

Thanks for the response, but that is not what I am looking for. I need the router to be able to get the public IP to use in its DDNS script so DDNS gets the public address, not the internal private address.
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 8:31 am

In webfig/webfig, you can just enable DDNS in IP > Cloud. After less than a minute it will give you a DDNS name like XXXXX.sn.mynetname.net and resolve what the public IP address is.

Once /ip/cloud has fetched the name, you can use it in a script using "get":
:put [/ip/cloud/get public-address]
 
Jotne
Forum Guru
Posts: 3276
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 9:41 am

You need to turn on IP Cloud to get the public IP using :put [/ip cloud get public-address]
 
optio
Long time Member
Posts: 631
Joined: Mon Dec 26, 2022 2:57 pm

Re: Get public IP when router is behind NAT and gets private IP

Wed Aug 16, 2023 2:28 pm

You can also use ipify API (https://www.ipify.org/) if you don't want your router to call home. Using fetch, from https://api.ipify.org you can get public IP.
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 1:37 am

Thanks for all the suggestions. Complicating factor: using 3rd party DNS, not the built in "cloud" service.
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 1:45 am

> Thanks for all the suggestions. Complicating factor: using 3rd party DNS, not the built in "cloud" service.
You can always use a CNAME in your "real" DNS that points to the Mikrotik name. /ip/cloud is just pretty simple.
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 3:43 am

Thanks, that's a good workaround, I didn't think of. I wasn't thinking in terms of using the cloud DNS, I unfortunately have administrative overhead that gets excited (in a bad way) with anything remotely mentioning cloud that is not Enterprise sanctioned and there's a little issue of borders and countries. Working with one hand tied behind my back whilst they are trying to tie the other hand behind my back.
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 4:48 am

Basically it's the cloud provider side that's detecting the public IP when behind a NAT. I guess you're leaking that you use Mikrotik with CNAME, but it's still a public IP.

FWIW, if it's CGNAT, often DDNS doesn't help...depending on what you're doing.

IMO, a more enterprise-y thing to do would be create a tunnel back to main infrastructure ;)
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 4:56 am

> You can also use ipify API (https://www.ipify.org/) if you don't want your router to call home. Using fetch, from https://api.ipify.org you can get public IP.

Using Optio's suggestion...but still a 3rd party tool. But the following gets the public IP into a script.
:put ([/tool fetch url=https://api.ipify.org http-method=get output=user as-value]->"data")

While old as dirt, there is /tool/dns-update that works with a real DNS server, like BIND9. But /tool/dns-update requires keys setup on the DNS server to update (and some VPN)
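
Added example, not part of any post in this thread: a RouterOS script that combines the No-IP updater from the first post with the api.ipify.org lookup above and checks the answer before publishing it to DNS. It assumes the CA chains of both services are trusted under /certificate (required for check-certificate=yes), uses HTTPS for the update call where the first post used HTTP, and reuses the thread's placeholder credentials.

```routeros
# Added example: placeholders as in the first post, replace with your own values.
:local NOIPUser "<no-ip-group>%3A<username>"
:local NOIPPass "<group-word>"
:local NOIPDomain "<myhost>.no-ip.com"

# Ask an external echo service which address our traffic is NATted to.
# Without certificate checking, anyone on the path could feed the router
# a false address and have the DDNS name pointed somewhere else.
:local reply [/tool fetch url="https://api.ipify.org" http-method=get \
    check-certificate=yes output=user as-value]
:local publicIP [:toip ($reply->"data")]

# :toip yields nothing for text that is not an IPv4 address (error page, HTML, empty body).
:if ([:typeof $publicIP] != "ip") do={
    :log warning "DDNS: echo service did not return an IP address, skipping update"
    :error "invalid public IP"
}

# Never publish private, CGNAT, loopback or link-local space.
:local nonPublic {10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; 100.64.0.0/10; 127.0.0.0/8; 169.254.0.0/16}
:foreach net in=$nonPublic do={
    :if ($publicIP in $net) do={
        :log warning "DDNS: $publicIP is inside $net, skipping update"
        :error "non-routable address"
    }
}

# Only contact No-IP when the published record differs from what we see.
:if ([:resolve $NOIPDomain] != $publicIP) do={
    /tool fetch url="https://dynupdate.no-ip.com/nic/update\3Fhostname=$NOIPDomain&myip=$publicIP" \
        user=$NOIPUser password=$NOIPPass check-certificate=yes keep-result=no
    :log info "NO-IP Update: $NOIPDomain - $publicIP"
}
```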
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Thu Aug 17, 2023 5:16 am

Thanks! You are owed a beverage.
Thought about doing my own BIND, but I need the availability of a hosted service.
 
ConradPino
Member
Posts: 337
Joined: Sat Jan 21, 2023 12:44 pm

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 12:10 pm

An AWS EC2 t4g.nano is an excellent BIND 9 server for less than $4 US monthly. We use 3 of them at work for that very purpose.
 
anav
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 1:53 pm

Cp please explain, what can this be used for? Assuming it's something in the amazon cloud? Can you put RoS on it (CHR?)
 
K0NCTANT1N
newbie
Posts: 47
Joined: Thu Jun 08, 2023 9:35 pm

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 5:59 pm

There is a solution viewtopic.php?p=1019883
Last edited by K0NCTANT1N on Wed Aug 23, 2023 12:23 am, edited 1 time in total.
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 6:21 pm

> Thanks! You are owed a beverage.
> Thought about doing my own BIND, but I need the availability of a hosted service.

You can run BIND9 in a container, there is an alpine package:
viewtopic.php?p=974364&hilit=BIND9#p974364
(You'd ideally want to use a mount for the config files)

BIND9 supports RouterOS's /tool/dns-update (and the key-based security scheme).

Now you're using AWS, Route53 DNS service might be cheaper (depending on number of zones...).
 
ConradPino
Member
Posts: 337
Joined: Sat Jan 21, 2023 12:44 pm

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 10:01 pm

@anav
> Cp please explain, what can this be used for? Assuming it's something in the amazon cloud? Can you put RoS on it (CHR?)

  • @Amm0 suggests AWS Route 53 ($0.50 monthly per domain) but IMO teaching RouterOS an AWS API is messy.
  • @Amm0 points out: BIND9 supports RouterOS's /tool/dns-update (and the key-based security scheme).
  • AWS has CHEAP Virtual Private Server (VPS) for Linux upon which a BIND 9 package can be installed.
  • IMO RouterOS CHR at AWS is doable two (2) ways:
    1. AWS Marketplace Cloud Hosted Router By MikroTik Latest Version: 6.44.3 is the easy install then update in place with RouterOS > System > Packages.
    2. RouterOS CHR later version single step install requires an image import. Consider the following document sections together:
       • RouterOS How to Install a virtual RouterOS system with CHR images
       • Amazon EC2 Export your VM from its virtualization environment
  • I'm not clear on CHR at AWS license terms but can say choose t3a.* over t2.* instance types for substantial savings.
  • IMO RouterOS at AWS is wasted money as Amazon Virtual Private Cloud (VPC) is free but requires substantial skill.
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 10:41 pm

To be clear, I wasn't suggesting BIND9 or Route53 per se. They're actually at the extremes of both in-house vs cloud...

Neither actually helps with determining the public IP behind a NAT, directly. ;)

I suggested /ip/cloud and a CNAME in your choice of DNS providers for the real domain. Most domain registrars include free DNS, so adding the CNAME there to the /ip/cloud name is dirt simple & free (other than cost of domain).
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Fri Aug 18, 2023 10:53 pm

> but IMO teaching RouterOS an AWS API is messy.

Agree AWS is a beast. And, particularly poor value for hosting a server like CHR since it's pretty expensive without contracts/etc.

FWIW, you can make AWS more RouterOS-friendly by using the MQTT instructions to register an "IoT Core Device" in AWS https://help.mikrotik.com/docs/pages/vi ... d=63045633
That gets you an X.509 certificate for a RouterOS device, which you can use in /tool/fetch to AWS API endpoints. While the instructions refer to MQTT, the certificate can be tied to whatever API you want to allow on the AWS side. Now that requires a bunch of auth things in AWS IAM to allow the certificate issued to the Mikrotik to do things in various AWS & that's the hard/obtuse part. Not for the faint of heart, but once set up it's just /tool/fetch with certificate= to use AWS.

But if you weren't using AWS before there'd be no reason to use it here.
 
ConradPino
Member
Posts: 337
Joined: Sat Jan 21, 2023 12:44 pm

Re: Get public IP when router is behind NAT and gets private IP

Sat Aug 19, 2023 6:07 am

@Amm0 Thank you! :)
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Tue Aug 22, 2023 4:47 am

Good stuff about AWS.

Back to the original issue of the router getting the public IP when the router is on a private IP behind NAT.

Using the Mikrotik cloud DNS does pick up the public IP, but going to use the public IP doesn't seem to work with the get command:

This works:
[me@router] /ip cloud print
    ddns-enabled: yes
    ddns-update-interval: none
    update-time: yes
    public-address: 112.153.125.256
    dns-name: 0123456789ab.sn.mynetname.net
    status: updated
    warning: Router is behind a NAT. Remote connection might not work.
   
This does not on version: 7.10 or 7.11:
[me@router] /ip cloud get public-address 
[me@router] 
 
Amm0
Forum Guru
Posts: 3043
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Get public IP when router is behind NAT and gets private IP

Tue Aug 22, 2023 5:37 am

The "get" is for use in a variable or string... you can't use it directly on the CLI to "see" it, that's what "print" does. In script, you do something like this:
:put "My public IP is $[/ip cloud get public-address]"
or
{
    :local myPublic [/ip cloud get public-address]
    :put $myPublic
}
 
sbotnick
just joined
Topic Author
Posts: 20
Joined: Fri Apr 21, 2017 10:54 pm

Re: Get public IP when router is behind NAT and gets private IP

Fri Dec 08, 2023 4:57 am

Thanks for that, it works in my script. My script-fu is poor, hard to maintain it when you don't use it regularly.
