Dynamic NAT Kill

Posted: Mon Oct 24, 2022 5:11 pm
by wgrando1993
Hi Guys,

A simple method to help us KILL the masquerade, even on dynamic links with PPPoE and dhcp-client.
I hope it is useful.

Requirements to use:
1 - Use interface-lists for the links (if you don't have one, use the original interface)
2 - Create a separate PPP profile (to use a lease script) * only for the PPPoE type

STEP 1: creating interface-list and adding it
/interface list add name=link1
/interface list member add interface=<your_public_interface> list=link1
STEP 2: creating a NAT rule
/ip firewall nat add action=src-nat chain=srcnat comment=LINK1 out-interface-list=link1 src-address-list=grant-nat to-addresses=<your_public_ip>
STEP 3: adding the local network that should be NATted
/ip firewall address-list add address=<your_local_network> list=grant-nat

--

STEP 4: For pppoe service
In ppp/profiles, duplicate the default or create a new profile named link1, then paste this code in the Scripts tab (on-up):
{
# PPP on-up variables: local-address is the address this client received
:local gatewayadd $"remote-address";
:local ipadd $"local-address";
:log warning "Link 1 address: $ipadd";
:log warning "Link 1 gateway: $gatewayadd";
# exact match on the comment so LINK1 does not also match LINK10, LINK11, ...
/ip firewall nat set [find comment="LINK1"] to-addresses=$ipadd;
}
Now, in your pppoe-client connection, set the profile to link1, Apply, OK.

STEP 5: For dhcp-client
In dhcp-client, paste this script in the Advanced/Script tab of the desired interface under /ip/dhcp-client/:
# $bound is 1 when a lease was obtained, 0 when it was lost
:if ($bound=1) do={
:local gatewayadd $"gateway-address";
:local ipadd $"lease-address";
:log warning "Link 1 address: $ipadd";
:log warning "Link 1 gateway: $gatewayadd";
# exact match on the comment so LINK1 does not also match LINK10, LINK11, ...
/ip firewall nat set [find comment="LINK1"] to-addresses=$ipadd;
}


Extra tips:
1 - Please don't use "PAP" authentication on the PPPoE connection; it is a plain-text method and is not secure.
2 - This method is 100% adaptable to multiple links with simple changes.
3 - The use of interface-lists helps simplify configuration in different places within RouterOS, such as NAT, Filter, Mangle.
4 - The use of address-lists makes the use of NAT more efficient, since the router masks only what is relevant rather than all the traffic.

William F.M. Grando
Regards
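The dhcp-client step above only handles the bound case, so a lost lease leaves the old public address in the src-nat rule. This added example (not the poster's code) extends that lease script to disable the rule when the lease is lost and to log if the LINK1 rule is missing; it assumes the NAT rule carries the comment "LINK1" exactly as in the steps.

```routeros
# Added example, not from the original post.
# dhcp-client lease script for /ip/dhcp-client (Advanced/Script tab).
# Assumes the src-nat rule from STEP 2 has comment="LINK1".
:local rule [/ip firewall nat find comment="LINK1"]

:if ([:len $rule] = 0) do={
    # misconfiguration: nothing to update, make it visible in the log
    :log error "LINK1: no src-nat rule with comment LINK1 found"
} else={
    :if ($bound = 1) do={
        # lease obtained: point the rule at the new address and make sure it is active
        :local ipadd $"lease-address"
        :local gw $"gateway-address"
        :log info "LINK1 bound: address=$ipadd gateway=$gw"
        /ip firewall nat set $rule to-addresses=$ipadd disabled=no
    } else={
        # lease lost: do not keep translating to an address we no longer own
        :log warning "LINK1 lease lost, disabling src-nat rule"
        /ip firewall nat set $rule disabled=yes
    }
}
```

Check the result with `/ip firewall nat print where comment="LINK1"` after the interface binds and after you disable it.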

Re: Dynamic NAT Kill

Posted: Mon Oct 24, 2022 5:39 pm
by rextended
I do not like this.
Useless scams to do a very simple thing with a single NAT rule.

If you have only one IP on your pppoe-client or dhcp-client, and only one pool of internal IPs, all of this is useless:
/ip firewall nat
# src-address takes a subnet; src-address-list expects an address-list name
add chain=srcnat action=masquerade comment="Internal NAT" out-interface=<OUT-INTERFACE> src-address=192.168.0.0/24