wgrando1993
just joined
Topic Author
Posts: 11
Joined: Tue Oct 25, 2016 3:45 pm

Dynamic NAT Kill

Mon Oct 24, 2022 5:11 pm

Hi guys,

A simple method to help us KILL the masquerade, even on dynamic links with PPPoE and dhcp-client.
I hope it is useful.

Requirements to use:
1 - Using interface-lists to set the links (if you don't have one, use the original interface)
2 - Creating a separate profile on PPPs (to use a lease-script) * Only for the PPPoE type

STEP 1: creating interface-list and adding it
/interface list add name=link1
/interface list member add interface=<your_public_interface> list=link1
STEP 2: creating a NAT rule
/ip firewall nat add action=src-nat chain=srcnat comment=LINK1 out-interface-list=link1 src-address-list=grant-nat to-addresses=<your_public_ip>
STEP 3: adding a local network properly to NATTing
/ip firewall address-list add address=<your_local_network> list=grant-nat

--

STEP 4: For pppoe service
In ppp/profiles, duplicate the default or create a new profile named link1; then, in the Scripts tab, paste this code:
{
:local gatewayadd $"remote-address";
:local ipadd $"local-address";
:log warning "Link 1 address: {$ipadd}";
:log warning "Link 1 gateway: {$gatewayadd}";
[/ip firewall nat set [find comment~"LINK1"] to-addresses="$ipadd"];
}
Now, in your pppoe-client connection, set the profile to link1, apply, OK.

STEP 4: For dhcp-client
In dhcp-client, you need to paste the script in the Advanced/Script tab on the desired interface in /ip/dhcp-client/:
:if ($bound=1) do={
:local gatewayadd $"gateway-address";
:local ipadd $"lease-address";
:log warning "Link 1 address: {$ipadd}";
:log warning "Link 1 gateway: {$gatewayadd}";
[/ip firewall nat set [find comment~"LINK1"] to-addresses="$ipadd"];
}


Extra TIPs:
1 - Please, don't use "PAP" authentication on the PPPoE connection; it is a plain-text method and is not secure.
2 - This method is 100% adaptable to multiple links with simple changes.
3 - The use of interface-lists helps simplify configuration in different places within RouterOS, such as NAT, Filter, Mangle.
4 - The use of address-lists makes the use of NAT more efficient, where the router masks only what is relevant and no longer all the traffic.

William F.M. Grando
Regards
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Dynamic NAT Kill

Mon Oct 24, 2022 5:39 pm

I do not like this.
Useless scams to do a very simple thing with a single NAT rule.

If you have only one IP on your pppoe-client or dhcp-client, and only one pool of Internal IPs, all is useless:
/ip firewall nat
add chain=srcnat action=masquerade comment="Internal NAT" out-interface=<OUT-INTERFACE> src-address=192.168.0.0/24
