Port forwarding with dynamic WAN IP
I have a 450G running 5.0 and my internet service that provides a dynamic IP. I also have several ports forward to an internal computer. My question is how do I go about settings these up so they don't get messed up every time my WAN IP changes? I read through the wiki, and it states you have to specify a dst-address. I can do this for the IP I have right now, but what happens when it changes? Do I have to go through every rule and update it? Am I missing something very simple?
Re: Port forwarding with dynamic WAN IP
Remove the dst-address and add in-interface=wan, replacing wan with your ISP facing interface name.
Re: Port forwarding with dynamic WAN IP
Don't know why but this can’t work for me.Remove the dst-address and add in-interface=wan, replacing wan with your ISP facing interface name.
I’m novice in Microtik os and it’s hard to find ready-made solution for dynamic IP redirection and the other one hundred questions about Microtik os.
Today I tried experimentally modify this command above and, find that it's work only when I:
remove the dst-address and add dst.address list (name from firewall address-list)
So next step was how to put actual ip address from wan interface to firewall address-list?
I use DynDns.com service and some script which renew my domain address ip.
So I started to combine how to modify the script.
And here is the solution
Code: Select all
# Set needed variables
:local username "user"
:local password "password"
:local hostname "mydomain_in_dyndns.net"
:global systemname [/system identity get name]
:if ($systemname = "Site1" ) do= {
:set hostname "mydomain_in_dyndns.net"
}
:if ($systemname = "Site2" ) do= {
:set hostname "mydomain1_in_dyndns.net"
}
:if ($systemname = "Site3" ) do= {
:set hostname "mydomain2_in_dyndns.net"
}
:global dyndnsForce
:global previousIP
# print some debug info
:log info ("UpdateDynDNS: username = $username")
:log info ("UpdateDynDNS: password = $password")
:log info ("UpdateDynDNS: hostname = $hostname")
:log info ("UpdateDynDNS: previousIP = $previousIP")
# get the current IP address from the internet (in case of double-nat)
/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:local result [/file get dyndns.checkip.html contents]
# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "UpdateDynDNS: currentIP = $currentIP"
# Remove the # on next line to force an update every single time - useful for debugging,
# but you could end up getting blacklisted by DynDNS!
#:set dyndnsForce true
# Determine if dyndns update is needed
# more dyndns updater request details available at http://www.dyndns.com/developers/specs/syntax.html
:if (($currentIP != $previousIP) || ($dyndnsForce = true)) do={
:set dyndnsForce false
:set previousIP $currentIP
/tool fetch user=$username password=$password mode=http address="members.dyndns.org" \
src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-path="/dyndns.txt"
:local result [/file get dyndns.txt contents]
:log info ("UpdateDynDNS: Dyndns update needed")
:log info ("UpdateDynDNS: Dyndns Update Result: ".$result)
:put ("Dyndns Update Result: ".$result)
#Erase name from firewall address list
/ip firewall address-list
:foreach i in=[find list="current_IP"] do=[remove $i]
#New adrdres to
/ip firewall address-list add address=$currentIP list=current_IP
} else={
:log info ("UpdateDynDNS: No dyndns update needed")
}
You can easily update all your multiple firewall NAT rules
by removing the dst-address and add dst. address-list=current_IP
here is example which redirect wan port nr.80 to host with ip 192.168.0.10 behind NAT
Code: Select all
ip firewall nat add chain=dstnat dst-port=80 action=dst-nat protocol=tcp dst-address-list=current_IP to-addresses=192.168.0.10 to-ports=80Re: Port forwarding with dynamic WAN IP
Try removing the dst-address-list parameter and add dst-address-type=local. That may also work, and would be simpler and wouldn't require a script.
Though I'm puzzled why in-interface didn't work for you. It should.
Though I'm puzzled why in-interface didn't work for you. It should.
Re: Port forwarding with dynamic WAN IP
I'm too green to understand the difference in the operation but it works.. ThxTry removing the dst-address-list parameter and add dst-address-type=local.
Code example:
Code: Select all
ip firewall nat add chain=dstnat dst-port=80 action=dst-nat protocol=tcp dst-address-type=local to-addresses=192.168.0.10 to-ports=80Re: Port forwarding with dynamic WAN IP
It just means "if the destination IP address in the IP header of the packet before destination NAT is applied is an IP address assigned to a router interface, perform the specified destination NAT action".