Mikrotik
# Support port mapping across multiple WAN links
# 1. Configure the firewall and change the LAN address (192.168.2.2)
# 2. Add the update_wanip script.
# 3. Run update_wanip once a minute
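/ip firewall nat
# Hairpin ("loopback") DNAT: LAN clients that connect to one of the router's
# own WAN addresses on tcp/1443 are sent to the internal server on 443.
# Listed first because it is the more specific rule; after the general rule
# below it would never be reached.
# NOTE(review): log-prefix is normally only used when log=yes is also set - confirm.
add action=dst-nat chain=dstnat comment="https loopback dnat" dst-address-list=wan-ip dst-port=1443 log-prefix=loopback protocol=tcp \
    src-address-list=lan-ip to-addresses=192.168.2.2 to-ports=443
# Inbound port mapping WAN:1443 -> 192.168.2.2:443.
# dst-address-list=wan-ip scopes the rule to the router's own WAN addresses.
# Without a destination match the rule also rewrites every connection a LAN
# host opens to tcp/1443 on any other host, sending it to 192.168.2.2.
# wan-ip is filled by the update_wanip script, so the mapping only becomes
# active after that script has run once.
# This rule only rewrites the destination; whether the traffic is allowed is
# decided by the forward filter chain, which is not shown here.
add action=dst-nat chain=dstnat comment=https dst-address-list=wan-ip dst-port=1443 protocol=tcp to-addresses=192.168.2.2 to-ports=443
# loopback needs masquerade: without it the server answers the LAN client
# directly and the client drops the reply because it expects the WAN address.
# Side effect: the server sees the router as the source of hairpinned
# connections, so its access logs do not show the real LAN client.
add action=masquerade chain=srcnat comment="https loopback masquerade" dst-address=192.168.2.2 dst-port=443 \
    protocol=tcp src-address-list=lan-ip
/ip firewall address-list
# NOTE(review): 192.168.2.0/16 has host bits set for a /16 prefix and is
# expected to cover all of 192.168.0.0/16 - confirm. If only the 192.168.2.x
# LAN is meant, narrow it to the real LAN prefix (for example 192.168.2.0/24)
# so the loopback rules apply to no more sources than intended.
add address=192.168.2.0/16 list=lan-ip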
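# add update_wanip script
# The script keeps the "wan-ip" address-list in sync with the current address
# of every PPPoE client interface (one entry per interface, tagged with the
# interface name in the comment field).
# policy is reduced to read,write: the script only reads interface and address
# data and adds or updates address-list entries. The original granted
# ftp,reboot,password,sniff,sensitive,romon as well, none of which the script
# uses. If the scheduler logs a permission error on your RouterOS version,
# add only the policy it names.
/system script
add dont-require-permissions=no name=update_wanip owner=admin policy=read,write \
    source=":local PPPOEINTERFACES [/interface pppoe-client print as-value]\r\
    \n:local LISTNAME \"wan-ip\"\r\
    \n:if ([:len \$PPPOEINTERFACES] = 0) do={\r\
    \n    :error \"pppoe interface not found!\"\r\
    \n}\r\
    \n\r\
    \n# check ip in list: true when ipAddress is already an entry of the named list\r\
    \n:local ifIpInList do={\r\
    \n    :local listname \$1;\r\
    \n    :local ipAddress \$2;\r\
    \n    :foreach id in=[/ip firewall address-list find where list=\$listname] do={\r\
    \n        :local listIpAddr [/ip firewall address-list get \$id address]\r\
    \n        :if (\$ipAddress = \$listIpAddr) do={\r\
    \n            :return true\r\
    \n        }\r\
    \n    }\r\
    \n    :return false\r\
    \n}\r\
    \n\r\
    \n:for i from=0 to=([:len \$PPPOEINTERFACES] - 1) do={\r\
    \n    :local interfaceName (\$PPPOEINTERFACES->\$i->\"name\")\r\
    \n    # A PPPoE link that is down has no address. Skip it so that the\r\
    \n    # remaining links are still updated instead of aborting the whole run.\r\
    \n    # Its previous entry stays in the list until the link has an address again.\r\
    \n    :if ([:len [/ip address find interface=\$interfaceName]] = 0) do={\r\
    \n        :put \"No address on interface(\$interfaceName), skipped\"\r\
    \n    } else={\r\
    \n        :local currentIP [/ip address get [find interface=\$interfaceName] address]\r\
    \n        # strip the /prefix part, the list stores the bare address\r\
    \n        :set currentIP [:pick \$currentIP 0 [:find \$currentIP \"/\"]];\r\
    \n        :if (! [\$ifIpInList \$LISTNAME \$currentIP]) do={\r\
    \n            :put \"Add interface:\$interfaceName ip:\$currentIP to address-list:\$LISTNAME.\"\r\
    \n            # Interface address not in the list\r\
    \n            :if ([:len [/ip firewall address-list find where ( comment=\$interfaceName list=\$LISTNAME)]] = 0) do={\r\
    \n                :put \"add\"\r\
    \n                /ip firewall address-list add list=\$LISTNAME address=\$currentIP comment=\$interfaceName\r\
    \n            } else={\r\
    \n                :put \"set\"\r\
    \n                /ip firewall address-list set [ find list=\$LISTNAME comment=\$interfaceName] address=\$currentIP \r\
    \n            }\r\
    \n        } else={\r\
    \n            :put \"No change in interface(\$interfaceName) address\"\r\
    \n        }\r\
    \n    }\r\
    \n}"
# Execute once a minute update_wanip
# The scheduler policy matches the script policy: with
# dont-require-permissions=no the scheduler entry must hold every policy the
# script declares, and it needs no more than that.
/system scheduler
add interval=1m name=update_wanip on-event=update_wanip policy=read,write start-time=startup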