This script aims to automate the update of NAT 1:1 rules whenever the external IP address of the PPPoE connection changes. Unlike masquerade NAT, which is recommended for internet access, NAT 1:1 allows mapping specific internal IP addresses to the external IP, making them accessible from the internet.
Benefits of using NAT 1:1 over Masquerade NAT:
1. **Direct Access to Internal Devices/Services**: With NAT 1:1, you can map specific internal IP addresses to the external IP, allowing direct access to servers, services, or devices on your internal network from the internet.
2. **No Need for Port Forwarding**: Since each internal IP is directly mapped to the external IP, there is no need to configure port forwarding rules, simplifying the setup.
3. **Support for Protocols That Don't Work Well with NAT**: Some protocols or applications may have issues when traversing through masquerade NAT, while they work correctly with NAT 1:1.
Disadvantages of using Masquerade NAT:
1. **Direct Access to Internal Devices Not Possible**: With masquerade NAT, you cannot directly access devices or services on your internal network from the internet unless you manually configure port forwarding rules.
2. **Issues with Some Protocols**: Certain protocols or applications may face difficulties when passing through masquerade NAT, requiring additional configurations.
Script Functionalities:
1. **Automatic IP Change Detection**: The script monitors the PPPoE interface and obtains the currently assigned external IP address.
2. **NAT 1:1 Rules Update**: Whenever a new external IP address is detected, the script locates and updates the existing NAT 1:1 rules on the MikroTik, replacing the old IP address with the new one.
3. **No Interruption of Active Connections**: The script updates only new connections with the new external IP, leaving existing connections unaffected to avoid disruptions.
4. **Automatic Scheduling**: The script is configured to run periodically (e.g., every minute) through the MikroTik's scheduler, ensuring that the NAT 1:1 rules are always up-to-date.
How to Use:
1. Copy the script code and create a new script in MikroTik through the "System > Scripts" menu.
2. In the script configuration, make sure the "Don't Require Permissions" option is checked.
3. Create a new task in the MikroTik scheduler ("System > Scheduler") to run the script periodically (e.g., every minute).
4. Verify that the existing NAT 1:1 rules on the MikroTik are correctly configured for the PPPoE interface and the internal IP addresses you want to make externally accessible.
With this script implemented, you won't have to worry about manually updating the NAT 1:1 rules whenever the external IP address of the PPPoE connection changes, keeping your internal services and devices reliably and efficiently accessible from the outside.
```
# Create a new script named 'update-nat-rule'
# Sets that no special permissions are required to run the script
/system script
add dont-require-permissions=yes name=update-nat-rule owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{
# Variable holding the name of the PPPoE interface
:local pppoeIf \"pppoe\";
# Get the current IP address of the PPPoE interface (returned as address/prefix)
:local pppoeAddr [/ip address get [find interface=\$pppoeIf] address];
# Strip the prefix length, because to-addresses expects a bare IP address
:set pppoeAddr [:pick \$pppoeAddr 0 [:find \$pppoeAddr \"/\"]];
# Update the NAT rule with the new IP address
/ip firewall nat set [find action=src-nat chain=srcnat out-interface=\$pppoeIf] to-addresses=\$pppoeAddr;
}"
# Create a new scheduler task that runs the script every minute
/system scheduler
add interval=1m name=update-nat-rule on-event=update-nat-rule policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-03-07 start-time=11:01:00
```
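
A variant of the script body that implements the change detection described under "Script Functionalities", added here as an example and not the original author's code: it leaves the rules alone when the interface has no address and rewrites a rule only when its `to-addresses` differs from the current IP. It assumes the interface name `pppoe` from the script above; the `update-nat-rule:` log prefix is illustrative.

```routeros
# Added example (not the original script). Assumes the PPPoE interface
# is named "pppoe", as in the script above.
:local pppoeIf "pppoe"

# The interface has no address while the PPPoE session is down, so check
# before calling "get" (which raises an error on an empty result).
:local addrIds [/ip address find where interface=$pppoeIf]

:if ([:len $addrIds] = 0) do={
    :log warning "update-nat-rule: no address on $pppoeIf, NAT rules left unchanged"
} else={
    # "address" is returned as address/prefix; keep only the address part.
    :local cidr [/ip address get ($addrIds->0) address]
    :local newIp [:pick $cidr 0 [:find $cidr "/"]]

    # Same rule selector as the original script.
    :foreach rule in=[/ip firewall nat find where chain=srcnat action=src-nat out-interface=$pppoeIf] do={
        :local oldIp [:tostr [/ip firewall nat get $rule to-addresses]]

        # Write only when the address really changed, so the rule is not
        # rewritten (and logged) on every scheduler run.
        :if ($oldIp != $newIp) do={
            /ip firewall nat set $rule to-addresses=$newIp
            :log info "update-nat-rule: to-addresses changed from $oldIp to $newIp"
        }
    }
}
```

The commands used here are expected to need only the `read` and `write` policies (an assumption to confirm on your RouterOS version), so the script and its scheduler entry can be registered with those instead of the full policy list.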