Community discussions

MikroTik App
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Is there a way to send customized packets between mikrotik routers

Thu Nov 10, 2022 1:52 am

I have two routers in public internet and add strict firewall rules that drop any traffic from unknown source address. Router A has dynamic pppoe ip address got from ISP. I want to notify the new address immediately to Router B whenever the ip is changed. So I need a knock-door mechanism such like sending a particular size packet to a predefined port. I found the traceroute tool may match my request, but it is time consuming for me. DDNS is also not a real-time solution. Does mikrotik have direct sending customized packet method?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Is there a way to send customized packets between mikrotik routers

Thu Nov 10, 2022 3:03 am

I hope I'm not forgetting some proper tool, but assuming I'm not, you have new enough RouterOS and don't mind ugly hacks, then something can be done:
/ip dns static
add type=FWD name=knock match-subdomain=yes forward-to=<Router B>
/ip firewall nat
add chain=output dst-address=<Router B> protocol=udp dst-port=53 action=dst-nat to-ports=12345
/ip firewall mangle
add chain=postrouting dst-address=<Router B> action=log log-prefix=knock comment="just for testing"
Then try to resolve some fake DNS name (length influences packet size):
:resolve x.knock
:resolve xx.knock
:resolve xxx.knock
And you'll get your packets:
01:51:47 firewall,info knock postrouting: ... proto UDP, a.a.a.a:xxx->b.b.b.b:12345, NAT a.a.a.a:xxx->(b.b.b.b:53->b.b.b.b:12345), len 53
...
01:51:59 firewall,info knock postrouting: ... proto UDP, a.a.a.a:yyy->b.b.b.b:12345, NAT a.a.a.a:yyy->(b.b.b.b:53->b.b.b.b:12345), len 54
...
01:52:11 firewall,info knock postrouting: ... proto UDP, a.a.a.a:zzz->b.b.b.b:12345, NAT a.a.a.a:zzz->(b.b.b.b:53->b.b.b.b:12345), len 55
...
There will be five, not just one, but let's call it a wanted bonus, in case one would get lost. :)
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Re: Is there a way to send customized packets between mikrotik routers

Thu Nov 10, 2022 6:05 am

I hope I'm not forgetting some proper tool, but assuming I'm not, you have new enough RouterOS and don't mind ugly hacks, then something can be done:
/ip dns static
add type=FWD name=knock match-subdomain=yes forward-to=<Router B>
/ip firewall nat
add chain=output dst-address=<Router B> protocol=udp dst-port=53 action=dst-nat to-ports=12345
/ip firewall mangle
add chain=postrouting dst-address=<Router B> action=log log-prefix=knock comment="just for testing"
Then try to resolve some fake DNS name (length influences packet size):
:resolve x.knock
:resolve xx.knock
:resolve xxx.knock
And you'll get your packets:
01:51:47 firewall,info knock postrouting: ... proto UDP, a.a.a.a:xxx->b.b.b.b:12345, NAT a.a.a.a:xxx->(b.b.b.b:53->b.b.b.b:12345), len 53
...
01:51:59 firewall,info knock postrouting: ... proto UDP, a.a.a.a:yyy->b.b.b.b:12345, NAT a.a.a.a:yyy->(b.b.b.b:53->b.b.b.b:12345), len 54
...
01:52:11 firewall,info knock postrouting: ... proto UDP, a.a.a.a:zzz->b.b.b.b:12345, NAT a.a.a.a:zzz->(b.b.b.b:53->b.b.b.b:12345), len 55
...
There will be five, not just one, but let's call it a wanted bonus, in case one would get lost. :)
Wow,it is a good idea! I will try :)
 
adlar
just joined
Topic Author
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Re: Is there a way to send customized packets between mikrotik routers

Thu Nov 10, 2022 8:07 am

I hope I'm not forgetting some proper tool, but assuming I'm not, you have new enough RouterOS and don't mind ugly hacks, then something can be done:
/ip dns static
add type=FWD name=knock match-subdomain=yes forward-to=<Router B>
/ip firewall nat
add chain=output dst-address=<Router B> protocol=udp dst-port=53 action=dst-nat to-ports=12345
/ip firewall mangle
add chain=postrouting dst-address=<Router B> action=log log-prefix=knock comment="just for testing"
Then try to resolve some fake DNS name (length influences packet size):
:resolve x.knock
:resolve xx.knock
:resolve xxx.knock
And you'll get your packets:
01:51:47 firewall,info knock postrouting: ... proto UDP, a.a.a.a:xxx->b.b.b.b:12345, NAT a.a.a.a:xxx->(b.b.b.b:53->b.b.b.b:12345), len 53
...
01:51:59 firewall,info knock postrouting: ... proto UDP, a.a.a.a:yyy->b.b.b.b:12345, NAT a.a.a.a:yyy->(b.b.b.b:53->b.b.b.b:12345), len 54
...
01:52:11 firewall,info knock postrouting: ... proto UDP, a.a.a.a:zzz->b.b.b.b:12345, NAT a.a.a.a:zzz->(b.b.b.b:53->b.b.b.b:12345), len 55
...
There will be five, not just one, but let's call it a wanted bonus, in case one would get lost. :)
As your direct,I wrote a knock function. It works. Thank you.
:global knockSvr do={
	/resolve knock.door server=$dst_svr server-port=$dst_port
}
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Is there a way to send customized packets between mikrotik routers

Thu Nov 10, 2022 11:55 am

Nice. I didn't know (or forgot? I'm not sure) that resolve supports different port.

Who is online

Users browsing this forum: Google [Bot] and 88 guests