Community discussions

MikroTik App
 
User avatar
leemans
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Thu Apr 07, 2005 12:55 am
Location: Belgium
Contact:

IP Firewall NAT Script to change out-interface

Thu Jul 21, 2022 2:31 pm

Hi All,
I need a script which gets the out-interface in a Firewall NAT rule into the CurrentOutInterface and then compare it with the CorrectOutInterface.
When the Interfaces doesn't match the out-interface in the NAT rule must be updated with the correct one.
The issue that I have is on the second line... can't get the out-interface value into the variable CurrentOutInterface.

:local CorrectOutInterface "<l2tp-Equispirit.Horses>";
:local CurrentOutInterface [/ip firewall nat get [find where comment="Scripted - Mask VPN data / L2TP Equi Interface will be added by Script !!!"]] out-interface];

:if ($CurrentOutInterface != $CorrectOutInterface) do={
/ip firewall nat set [find where comment="Scripted - Mask VPN data / L2TP Equi Interface will be added by Script !!!" ] out-interface=<l2tp-Equispirit.Horses>
***
Can somebody help to fix this issue.
Thanks P.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: IP Firewall NAT Script to change out-interface

Thu Jul 21, 2022 2:59 pm

But why do you need to change the out interfaces ?
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: IP Firewall NAT Script to change out-interface

Thu Jul 21, 2022 6:42 pm

outgoing interface decision is a matter of routing, when you do src-NAT you only make address translation, when you do dst-NAT you change destination adress which can in fact changes outgoing interface but this really depends of routing table
 
FramJamesgot
just joined
Posts: 2
Joined: Tue Jun 28, 2022 3:05 pm

Re: IP Firewall NAT Script to change out-interface

Fri Jul 22, 2022 9:59 am

I'm currently using a dynamic DNS to accomplish this so external requests will hit a domain supplied by dynamic DNS and if the IP assigned to this domain goes down, I issue a command to update/switch the IP to the other interface. do you have a more elegant way of handling this?
 
User avatar
leemans
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Thu Apr 07, 2005 12:55 am
Location: Belgium
Contact:

Re: IP Firewall NAT Script to change out-interface

Wed Aug 10, 2022 11:03 am

I need this out-interface because when the IP changes on the LTE device I lose the port in the bridge of my Router where to the LTE device makes VPN connection to.
When the L2TP connection is back up the interface does not automatically appears back in the bridge of my Router, it stays unknown until I update this record with the correct interface name.

Who is online

Users browsing this forum: No registered users and 16 guests