MikroTik

Community discussions
https://forum.mikrotik.com/

Add a dynamic address to address-list

https://forum.mikrotik.com/viewtopic.php?t=42834

Page 1 of 1

Add a dynamic address to address-list

Posted: Thu Jun 24, 2010 2:49 pm
by n2m
I need to add the address of the adsl interface (dynamic) to address-list.

I've tried to mark the new connection coming from that interface, but that doesn't work :( :
Code: Select all
chain=mark new unseen action=add-dst-to-address-list address-list=public 
     address-list-timeout=0s in-interface=ADSL
Also tried to use the script to get the address from the /ip address, and it works but has two problems:
1) I want the address list to be dynamic
2) The checkIP is not working, and therefore the address is constantly being added, even thought it exists
Here's the script:
Code: Select all
:local checkIP 0;
:local a
:foreach i in [/ip address find interface=ADSL] do={
  :set a [/ip address get $i address]
}
  :set checkIP [/ip firewall address-list pr count-only where address=$a]
  :if ($checkIP = 0) do={
  /ip firewall address-list add address=$a list=public
}
I would appreciate if someone could lead me to a solution to add the address to a list (preferably dynamic, since the address changes and i won't be needing to nat the pre-updated addresses that doesn't exist anymore after the address update).

Thank you :)

Re: Add a dynamic address to address-list

Posted: Thu Jun 24, 2010 3:26 pm
by Chupaka
mark the new connection coming from that interface
Code: Select all
/ip firewall mangle add chain=postrouting out-interface=ADSL action=add-src-to-address-list address-list=public
because only in postrouting you can see NATted address
use the script
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }

Re: Add a dynamic address to address-list

Posted: Thu Jun 24, 2010 4:05 pm
by n2m
Code: Select all
/ip firewall mangle add chain=postrouting out-interface=ADSL action=add-src-to-address-list address-list=public
because only in postrouting you can see NATted address
Actually this adds the private ips of the hosts connected to router, i need the public ip of the interface, so using this:
Code: Select all
chain=prerouting action=add-dst-to-address-list address-list=public in-interface=ADSL
or
Code: Select all
chain=input action=add-dst-to-address-list address-list=public in-interface=ADSL
it works, it adds the dynamic ip of the interface, but i'm not sure if any of these rules affects other mangle rules for load balancing!?
Code: Select all
[x@x]/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=input action=add-dst-to-address-list address-list=public 
     address-list-timeout=0s in-interface=ADSL 

       or

 1  chain=prerouting action=add-dst-to-address-list address-list=public
     address-list-timeout=0s in-interface=ADSL 

 2 X chain=mark new unseen action=add-src-to-address-list address-list=ptk 
     address-list-timeout=0s in-interface=ADSL 

 3 X chain=mark new unseen action=add-dst-to-address-list address-list=local 
     address-list-timeout=0s in-interface=ADSL 

 4   chain=mark new unseen action=add-src-to-address-list address-list=first 
     address-list-timeout=0s nth=2,1 

 5   chain=mark new unseen action=add-src-to-address-list address-list=second 
     address-list-timeout=0s nth=2,2 

 6   chain=mark new unseen action=add-src-to-address-list address-list=seen 
     address-list-timeout=0s 

 7   chain=mark new unseen action=jump jump-target=mark connection 

 8   chain=mark connection action=mark-connection new-connection-mark=first_conn 
     passthrough=yes src-address-list=first 

 9   chain=mark connection action=mark-connection new-connection-mark=second_con>
     passthrough=yes src-address-list=second 

10   chain=mark connection action=mark-routing new-routing-mark=first 
     passthrough=no connection-mark=first_conn 

11   chain=mark connection action=mark-routing new-routing-mark=second 
     passthrough=no connection-mark=second_conn 

12   chain=prerouting action=mark-routing new-routing-mark=first passthrough=no 
     src-address-list=first connection-mark=first_conn 

13   chain=prerouting action=mark-routing new-routing-mark=second passthrough=no 
     src-address-list=second connection-mark=second_conn 

14   chain=prerouting action=jump jump-target=mark connection 
     connection-state=new src-address-list=local dst-address-list=!local 

15   chain=prerouting action=jump jump-target=mark new unseen 
     connection-state=new src-address-list=local dst-address-list=!local
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }
it doesn't work, it keeps adding the ip over and over.

Thanks :)

Re: Add a dynamic address to address-list

Posted: Thu Jun 24, 2010 4:32 pm
by Chupaka
Actually this adds the private ips of the hosts connected to router, i need the public ip of the interface, so using this:
Code: Select all
chain=prerouting action=add-dst-to-address-list address-list=public in-interface=ADSL
or
Code: Select all
chain=input action=add-dst-to-address-list address-list=public in-interface=ADSL
it works, it adds the dynamic ip of the interface, but i'm not sure if any of these rules affects other mangle rules for load balancing!?
yeah, sorry, you need to use prerouting %)

more correct way is the following:
Code: Select all
/ip firewall mangle add chain=prerouting in-interface=ADSL dst-address-type=local action=add-dst-to-address-list address-list=public
i'm not sure if any of these rules affects other mangle rules for load balancing!?
no, after adding to address list, the rest rules are processed, so it doesn't change the workflow, just adds an address
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }
it doesn't work, it keeps adding the ip over and over.
got it. that's because /ip address is with mask (/32), and address list skips /32. just add
Code: Select all
:set a [:pick $a 0 [:find $a "/"]]
between 3rd and 4th lines

Re: Add a dynamic address to address-list

Posted: Thu Jun 24, 2010 5:03 pm
by n2m
Both solutions working like a charm :). Thanks ;)
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/