hi
i configured a schedular NAT on my routers but until i dont disconnect the user manualy the service for the doesnt stop.
can any body help me?
Re: problem in schedular NAT
please explain in more details...
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
i have a free service for night that thet user is a local user in router the username is "night@night"please explain in more details...
this service is 2-7 a.m.
but when you connected from 2 A.M. till the admin kill the user manualy the user can use the service and doesnt stop automatically.
i configured in router that the NAT od that IP pool work from 2-7 A.M.
Re: problem in schedular NAT
Can you start _new_ downloads after the schedule expires, or is it just that connections started before it expired keep going even afterwards? NAT is only applied at the beginning of the connection and then read from a state table, the rule is not consulted again. Instead of scheduling the NAT rule try scheduling a firewall filter rule instead.
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
Dear friendCan you start _new_ downloads after the schedule expires, or is it just that connections started before it expired keep going even afterwards? NAT is only applied at the beginning of the connection and then read from a state table, the rule is not consulted again. Instead of scheduling the NAT rule try scheduling a firewall filter rule instead.
you are right, i start ping to 4.2.2.1 from 6:45 and after 7:00 i have ping but after 7:00 i wanted to ping yahoo.com it doesnt have ping.
can you guide me more about your offer?
Re: problem in schedular NAT
post your config. in general, you should do the same scheduler as for NAT, but for Firewall Filter with chain=forward
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
hipost your config. in general, you should do the same scheduler as for NAT, but for Firewall Filter with chain=forward
thanks alot
can you help me more about configuration that you said at top, aout schedular firewall and chain-forwars?
thanks
Re: problem in schedular NAT
post your config
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
Dear Friendpost your config
thanks alot for your support
which part of router s config do you need?
and you need that in terminal mode?
thanks
Re: problem in schedular NAT
this part of config, of coursei configured a schedular NAT
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
hithis part of config, of coursei configured a schedular NAT
i configured that via winbox, can you send me configuration for schedular firewall
thanks
Re: problem in schedular NAT
in Terminal, use 'export' command in any submenu (for example, '/ip firewall nat export')
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
in Terminal, use 'export' command in any submenu (for example, '/ip firewall nat export')
Dear Friend
Thanks alot from you and excuse me because of latency and ask much of questions from you because of i am not too expert
/ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.171.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.132.0/24 src-address-type=unicast time=\
2h-7h,sun,mon,tue,wed,thu,fri,sat to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment="" disabled=no src-address=172.16.1.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment="" disabled=no src-address=172.16.2.0/24 to-addresses=78.157.35.154
add action=src-nat chain=srcnat comment="" disabled=no src-address=172.16.3.0/24 to-addresses=78.157.35.154
thanks
Re: problem in schedular NAT
Remove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren't sure where that is post your "/ip firewall filter" ruleset):
Code: Select all
/ip firewall filter
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat
add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat -
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
ok, i will say you the resultRemove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren't sure where that is post your "/ip firewall filter" ruleset):Code: Select all/ip firewall filter add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
thanks alot dear friendok, i will say you the resultRemove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren't sure where that is post your "/ip firewall filter" ruleset):Code: Select all/ip firewall filter add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat
it works good now
-
-
eghtedari2000
Frequent Visitor
- Posts: 85
- Joined:
Re: problem in schedular NAT
thanks alot for your help, my problem solved, i have some questions about GRE tunneling and privilage for user for view and write in the router. should i open new topic or you help me here?thanks alot dear friendok, i will say you the resultRemove the time constriction from the NAT line you marked red, and add the following to your firewall in a place that makes sense (if you aren't sure where that is post your "/ip firewall filter" ruleset):Code: Select all/ip firewall filter add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=0h-2h,sun,mon,tue,wed,thu,fri,sat add chain=forward action=drop disabled=no src-address=192.168.132.0/24 time=7h-24h,sun,mon,tue,wed,thu,fri,sat
it works good now
thanks