ip firewall nat
add action=src-nat chain=srcnat comment="" disabled=no src-address=192.168.11.0/24 to-addresses=8.8.8.135

please help create script:
IP adress 8.8.8.129 be it oneself RANDOM change from area 8.8.8.129/25 every hour
thanks.

Hello
This is for the Routeros cannot achieve However, you can create a rule for different to-addresses
Opening and closing to achieve through script

use option masquerade, is used for conection dynamic.

src-nat is used for conection static

thanks for answer. please example for rules and script. i am beginner. tnx

first you must add a rules for:

the code mean is:
every hour the to-addresses be set to
8.8.8.129
8.8.8.130
8.8.8.131
8.8.8.132
8.8.8.133.....until to 8.8.8.254
if ithe to-addresses is 8.8.8.254
the code will set to-addresses is 8.8.8.129 restart

ROS cannot be set random address but You can set different address per hour if you use the code

thank you very much, script working perfect.
good job.

how do you apply this code ?

:do {
#set rules comment
:local com "1"
#set start count
:local start "129"
#set ip address prefix
:local prefix "8.8.8."
/ip firewall nat
:foreach a in=[find comment=$com] do={
:local cuip [get $a to-addresses]
:local aa [:pick $cuip 6 9]
:if ($aa!="254") do={
:local bb ($aa+1)
set $a to-addresses=($prefix.$bb)
}
:if ($aa="254") do={
:local bb $start
set $a to-addresses=($prefix.$bb)
}}}

first you must add a rules for:

Code: Select all

/ip firewall nat
add action=src-nat chain=srcnat comment=1 disabled=no src-address=192.168.11.0/24 to-addresses=8.8.8.129

Code: Select all

:do {
#set rules comment
:local com  "1"
#set start count
:local start "129"
#set ip address prefix
:local prefix "8.8.8."
/ip firewall nat
:foreach a in=[find comment=$com] do={
:local cuip [get $a to-addresses]
:local aa [:pick $cuip 6 9]
:if ($aa!="254") do={
:local bb ($aa+1)
set $a to-addresses=($prefix.$bb)
}
:if ($aa="254") do={
:local bb $start
set $a to-addresses=($prefix.$bb)
}}}

the code is working perfect when to-address is 8.8.8.
but when we change the ipaddress to 192.168.16. then code is unable change the yo-address.

Kindly check the code.
tested on CCR-1009 with 6.29 version

Thanks

The problem here is with pick command - picking from 6th digit to 9th digit works fine with "8.8.8.x" but it fails with higher IPs because starting from 6th to 9th digit for IP "192.168.16.x" will give you different output (6.1)

Best solution is to use Bitwise operators to only take specific part of IP

For example:
{
:local IP 8.8.8.8
:put (($IP&0.0.0.255))
}

will always give you last 8 bits of IP.

Here is working code for all IP formats:




{
:local com "1"
:local cuip
:local start "129"
:local end
:local endNum
:local first
:local firstNum
:local nextIP

:while (true) do={
:delay 60m;
:foreach a in=[/ip firewall nat find where comment=$com] do={
:set $cuip [/ip firewall nat get $a to-addresses];

###Get last
:set $end ($cuip&0.0.0.255);
:set $first ($cuip&255.255.255.0);

:set $endNum [:pick $end 6 ([:len $end])];
:set $firstNum [:pick $first 0 ([:len $first]-2)];

:if ($endNum>=129 && $endNum<=253) do={:set $endNum ($endNum +1);}
:if ($endNum=254) do={:set $endNum $start;}

:set $nextIP ($firstNum.".".$endNum);
/ip firewall nat set $a to-addresses="$nextIP";
}
}
}


This script will change all NAT rules with comment="1", changing to-address end from 129-253

It will not change to-address if IP end is less then 129

Very cool!!!

IMHO, this should be documented in the Wiki, preferably with some example like that. Right now, the bitwise operators give off the impression they work only for integers, and not between two IPs (which I understand are treated as integers "under the hood", but still - the fact this treatment takes place is not intuitive).

Code: Select all

$IP&0.0.0.255

Very cool!!!

IMHO, this should be documented in the Wiki, preferably with some example like that. Right now, the bitwise operators give off the impression they work only for integers, and not between two IPs (which I understand are treated as integers "under the hood", but still - the fact this treatment takes place is not intuitive).

Yes this will work with both, Integer and IP data types. ok thank's I will add some examples in wiki.

The problem here is with pick command - picking from 6th digit to 9th digit works fine with "8.8.8.x" but it fails with higher IPs because starting from 6th to 9th digit for IP "192.168.16.x" will give you different output (6.1)

Best solution is to use Bitwise operators to only take specific part of IP

For example:
{
:local IP 8.8.8.8
:put (($IP&0.0.0.255))
}

will always give you last 8 bits of IP.

Here is working code for all IP formats:




{
:local com "1"
:local cuip
:local start "129"
:local end
:local endNum
:local first
:local firstNum
:local nextIP

:while (true) do={
:delay 60m;
:foreach a in=[/ip firewall nat find where comment=$com] do={
:set $cuip [/ip firewall nat get $a to-addresses];

###Get last
:set $end ($cuip&0.0.0.255);
:set $first ($cuip&255.255.255.0);

:set $endNum [:pick $end 6 ([:len $end])];
:set $firstNum [:pick $first 0 ([:len $first]-2)];

:if ($endNum>=129 && $endNum<=253) do={:set $endNum ($endNum +1);}
:if ($endNum=254) do={:set $endNum $start;}

:set $nextIP ($firstNum.".".$endNum);
/ip firewall nat set $a to-addresses="$nextIP";
}
}
}


This script will change all NAT rules with comment="1", changing to-address end from 129-253

It will not change to-address if IP end is less then 129

Hello Mr.PaulsMT,
Thanks for your quick reply.
the above script is perfectly working.

Can any help to provide script to change IP last digit from 10-254 and will reset back to 1 after .254

We would like to do this to different set of IP block not only 8.8.8.x

Why would some change public ip?
This will just give a range of non used IPv4 address that we do not have a lot of.