Community discussions

MikroTik App
 
nimda
just joined
Topic Author
Posts: 9
Joined: Thu Dec 15, 2022 1:11 pm

Edit specific NAT rule

Thu May 18, 2023 3:08 pm

The command doesn't work.
/ip firewall nat set [/ip firewall nat find out-interface=l2tp-out1 ] disabled=yes

/ip firewall nat set [find out-interface=l2tp-out1] disabled=yes

```
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=l2tp-out1
[admin@821] /ip firewall nat> /ip firewall nat set [find out-interface=l2tp-out1] disabled=yes
[admin@821] /ip firewall nat> export
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=l2tp-out1
[admin@821] /ip firewall nat>
```
Where is the mistake?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Edit specific NAT rule

Thu May 18, 2023 3:33 pm

Where is the mistake?
Buying an MT router?
Not taking a training course?

Try the rule ENABLED! ;-)

The command doesn't work.
/ip firewall nat set [/ip firewall nat find out-interface=l2tp-out1] disabled=yes
/ip firewall nat set [find out-interface=l2tp-out1] disabled=yes
 
nimda
just joined
Topic Author
Posts: 9
Joined: Thu Dec 15, 2022 1:11 pm

Re: Edit specific NAT rule

Thu May 18, 2023 5:08 pm

How is this command written correctly?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Edit specific NAT rule

Thu May 18, 2023 5:17 pm

Sorry I dont write commands.....

I go into winbox and make config change
 
nimda
just joined
Topic Author
Posts: 9
Joined: Thu Dec 15, 2022 1:11 pm

Re: Edit specific NAT rule

Thu May 18, 2023 5:23 pm

With this, the following command works correctly.

/ip firewall nat set [find dynamic=no] disabled=yes

but not these

/ip firewall nat set [find out-interface=l2tp-out1] disabled=yes
/ip firewall nat set [/ip firewall nat find out-interface=l2tp-out1] disabled=yes
/ip firewall nat set [find where out-interface=l2tp-out1] disabled=yes
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Edit specific NAT rule

Thu May 18, 2023 7:02 pm

what is l2tp-out1, a "system something"?
If not, why you do not use " "?
# disable
/ip firewall nat
disable [find where out-interface="l2tp-out1" and disabled=no]

# enable
/ip firewall nat
enable [find where out-interface="l2tp-out1" and disabled=yes]
Offtopic:
Even if then there is to understand why you want to deactivate exactly that rule....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Edit specific NAT rule

Thu May 18, 2023 8:33 pm

To make rextended points clear........ Imagine software on the spaceship......

disable <----- NONSENSICAL
/ip firewall nat
disable [find where dst-location="earth-home" and disabled=no]

enable
Logical.......
/ip firewall nat
enable [find where dst-location="earth-home" and disabled=yes

Who is online

Users browsing this forum: No registered users and 38 guests