Here is how to do it.
1. Make the NAT rule you like, with the comment the same as the user name.
192.168.1.8 = your public IP. (NAT rules may be adapted to your situation.)
1.1.1.1 = dummy IP that will be changed
hanson = PPPoE user name that you would like to give NAT for
/ip firewall nat
add action=dst-nat chain=dstnat comment=hanson dst-address=192.168.1.8 dst-port=80 protocol=tcp to-addresses=1.1.1.1
2. Then add this code to
ppp->profiles->profile you use for your PPPoE clients->scripts->on up
:if ($user = "hanson") do={
/ip firewall nat set [find where comment="hanson"] to-addresses=$"remote-address"
:log info message="NAT IP for user=\"$user\" changed"
}
This will then set the IP for the PPPoE client to the remote IP he got when connected.
I only did a simple test, so some adjustment may be required.
If more than one needs this type of dynamic NAT, just repeat the script like this:
:if ($user = "hanson") do={
/ip firewall nat set [find where comment="hanson"] to-addresses=$"remote-address"
:log info message="NAT IP for user=\"$user\" changed"
}
:if ($user = "elvis") do={
/ip firewall nat set [find where comment="elvis"] to-addresses=$"remote-address"
:log info message="NAT IP for user=\"$user\" changed"
}
PS. They must have different ports, so a port can only be forwarded to one user.
Note. What gave me some headache was the variable remote-address. I could not get it to work, but after lots of googling found out that you need to quote it like this: $"remote-address". A better approach would be to not use - in variable names, or to support bash format like this: ${remote-address}. Old documentation found here:
https://wiki.mikrotik.com/wiki/Manual:PPP_AAA
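The following is an added example, not part of the original post: it generalizes the per-user blocks above by matching the NAT rule on $user itself, and pairs the on-up script with an on-down script that disables the rule, so the forward does not keep pointing at an address that may be handed to a different client after disconnect. It assumes NAT rule comments are used only to hold PPPoE user names, and it has not been tested against a specific RouterOS version.

```routeros
# --- Paste into the PPP profile "on-up" script field (added example) ---
# $user and $"remote-address" are supplied by RouterOS to the profile script.
:local addr $"remote-address"
# Find every NAT rule whose comment equals the connecting user's name.
:local rules [/ip firewall nat find where comment=$user]
:if ([:len $rules] > 0) do={
    /ip firewall nat set $rules to-addresses=$addr
    /ip firewall nat enable $rules
    :log info message="NAT IP for user=\"$user\" changed to $addr"
}

# --- Paste into the PPP profile "on-down" script field (added example) ---
# Disable the forward while the user is offline instead of leaving it
# aimed at the last address the user held.
:local rules [/ip firewall nat find where comment=$user]
:if ([:len $rules] > 0) do={
    /ip firewall nat disable $rules
    :log info message="NAT rules for user=\"$user\" disabled"
}
```

Users without a matching rule are skipped, so the same two scripts can stay on a profile shared by all PPPoE clients.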