Difference between revisions of "UPnP Multi-WAN"

From MikroTik Wiki
(Created page with "The following script will clone UPnP entries from WAN1 to WAN2: Schedule NAT entry cloning every few minutes: (set <WAN2 IP> manually) :foreach i in=([/ip fi nat find dynamic...")
 
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
The following script will clone UPnP entries from WAN1 to WAN2:
+
* 1. Make the simplest UPnP config for just WAN1
  
 +
* 2. Add the following script as a schedule: will clone UPnP Dynamic NAT entries as normal NAT entries for WAN2.
 +
Schedule time can be every minute.
  
Schedule NAT entry cloning every few minutes:
+
(set <WAN2 IP> manually)
  
(set <WAN2 IP> manually)
+
<pre>
 +
#global variable is loaded with IDs of Dynamic NAT entries
 +
:global UPnPs [/ip firewall nat find dynamic];
 +
#compares IDs with the ones from previous run
 +
:if ($UPnPs != $UPnPz) do={
 +
#copies current IDs to secondary variable UPnPz which will be used for comparison on next run
 +
:global UPnPz; :set $UPnPz $UPnPs;
 +
#if the vars above are not same, first all old clones are cleaned
 +
/ip firewall nat remove [/ip fi nat find comment="UPnP_Cloned"];
 +
:foreach i in=([/ip fi nat find dynamic]) do={
 +
#set <WAN 2 IP> manually or can be also obtain from the interface by scripting
 +
/ip fi nat add chain=dstnat dst-address="<WAN 2 IP>" \
 +
#copy TCP or UDP protocol setting from the current Dynamic rule that :foreach is cycling through
 +
protocol=[/ip fi nat get $i protocol] \
 +
#copy to address - this is the customers internal address
 +
to-addresses=[/ip fi nat get $i to-addresses] \
 +
#same port
 +
to-ports=[/ip fi nat get $i to-ports] \
 +
action=dst-nat \
 +
#same dst-port
 +
dst-port=[/ip fi nat get $i dst-port] \
 +
comment="UPnP_Cloned"}}
 +
</pre>
 +
 
 +
[http://forum.mikrotik.com/viewtopic.php?p=426711#p426711 Same script easier to read with syntax colorization]
 +
 
 +
 
 +
* 3. For large networks you may find it useful to clean any Dynamic NAT entries and cloned NAT entry every other night, as old ones may pile up:
  
:foreach i in=([/ip fi nat find dynamic]) do={/ip fi nat add chain=dst-nat dst-address="<WAN2 IP>" protocol=[/ip fi nat get $i protocol] to-addresses=[/ip fi nat get $i to-addresses] to-ports=[/ip fi nat get $i to-ports] action=dst-nat dst-port=[/ip fi nat get $i dst-port] comment="UPnP_Cloned"}
+
<pre>
 +
/ip firewall nat remove [/ip firewall nat find comment="UPnP_Cloned"];
 +
/ip upnp set enabled=no;
 +
/delay 3000ms;
 +
/ip upnp set enabled=yes;
 +
</pre>
  
 +
FUTURE VERSION of this script may use nested loops to compare the NAT entries as unsorted Arrays:
 +
www.google.com/search?q=nested+loop+array+comparison
  
Schedule cloned NAT entry removing every other night:
+
Contributions are welcome!
  
/ip firewall nat remove [/ip firewall nat find comment="UPnP_Cloned"]
+
[[Category: Scripting]]
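Review bot: In the added script, `:if ($UPnPs != $UPnPz)` reads `$UPnPz` before the `:global UPnPz;` declaration, which only appears inside the `do={}` block; declare it at the top of the script, next to `UPnPs`, so the comparison sees the value stored by the previous run. The `#` comment lines also sit between the backslash-continued lines of the `nat add` command; moving them above the command keeps the continuation unbroken. Note that `find dynamic` selects every dynamic NAT rule, not only those created by UPnP, so each of them is cloned to WAN2.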

Latest revision as of 10:16, 5 December 2014

  • 1. Make the simplest UPnP config for just WAN1
  • 2. Add the following script as a scheduled script; it clones the UPnP dynamic NAT entries as normal NAT entries for WAN2.

The schedule can run every minute.

(set <WAN2 IP> manually)

# Global variable is loaded with the IDs of the dynamic NAT entries
:global UPnPs [/ip firewall nat find dynamic];
# Declare the variable that holds the IDs from the previous run before it is read
:global UPnPz;
# Compare the IDs with the ones from the previous run
:if ($UPnPs != $UPnPz) do={
    # Copy the current IDs to UPnPz, which is used for the comparison on the next run
    :set $UPnPz $UPnPs;
    # The IDs are not the same, so first all old clones are cleaned
    /ip firewall nat remove [/ip firewall nat find comment="UPnP_Cloned"];
    :foreach i in=([/ip firewall nat find dynamic]) do={
        # Set <WAN 2 IP> manually; it can also be obtained from the interface by scripting.
        # protocol: TCP or UDP, copied from the dynamic rule that :foreach is cycling through
        # to-addresses: the customer's internal address; to-ports and dst-port: same ports
        /ip firewall nat add chain=dstnat dst-address="<WAN 2 IP>" \
            protocol=[/ip firewall nat get $i protocol] \
            to-addresses=[/ip firewall nat get $i to-addresses] \
            to-ports=[/ip firewall nat get $i to-ports] \
            action=dst-nat \
            dst-port=[/ip firewall nat get $i dst-port] \
            comment="UPnP_Cloned"
    }
}

Same script, easier to read with syntax colorization: http://forum.mikrotik.com/viewtopic.php?p=426711#p426711


  • 3. For large networks you may find it useful to clean out all dynamic NAT entries and cloned NAT entries every other night, as old ones may pile up:
/ip firewall nat remove [/ip firewall nat find comment="UPnP_Cloned"];
/ip upnp set enabled=no;
/delay 3000ms;
/ip upnp set enabled=yes;

FUTURE VERSION of this script may use nested loops to compare the NAT entries as unsorted Arrays: www.google.com/search?q=nested+loop+array+comparison
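
The nested-loop comparison mentioned above, as an added example that is not part of the wiki page: it compares rules by content instead of by ID list, removes only the clones whose dynamic rule is gone, and adds only the clones that are missing. The names `wan2`, `tag` and `ruleKey` are assumptions, `<WAN 2 IP>` is the page's placeholder, and script functions are assumed to be available (RouterOS v6.2 or later).

```routeros
# Added example, not the wiki author's script.
# Assumed names: wan2, tag, ruleKey. "<WAN 2 IP>" is the page's placeholder.
:local wan2 "<WAN 2 IP>"
:local tag "UPnP_Cloned"

# Build a comparable key from the fields the clone copies.
# $1 is the internal ID of a NAT rule.
:local ruleKey do={
    :local p [/ip firewall nat get $1 protocol]
    :local dp [/ip firewall nat get $1 dst-port]
    :local ta [/ip firewall nat get $1 to-addresses]
    :local tp [/ip firewall nat get $1 to-ports]
    :return "$p $dp $ta $tp"
}

# Pass 1: remove every clone that no longer has a matching dynamic rule,
# so a forward on WAN2 disappears together with its mapping on WAN1.
:foreach c in=[/ip firewall nat find comment=$tag] do={
    :local cKey [$ruleKey $c]
    :local alive false
    :foreach d in=[/ip firewall nat find dynamic] do={
        :if ([$ruleKey $d] = $cKey) do={ :set alive true }
    }
    :if ($alive = false) do={ /ip firewall nat remove $c }
}

# Pass 2: add a clone for every dynamic rule that does not have one yet.
# Existing clones are left untouched, so active forwards are not interrupted.
:foreach d in=[/ip firewall nat find dynamic] do={
    :local dKey [$ruleKey $d]
    :local cloned false
    :foreach c in=[/ip firewall nat find comment=$tag] do={
        :if ([$ruleKey $c] = $dKey) do={ :set cloned true }
    }
    :if ($cloned = false) do={
        /ip firewall nat add chain=dstnat action=dst-nat dst-address=$wan2 \
            protocol=[/ip firewall nat get $d protocol] \
            dst-port=[/ip firewall nat get $d dst-port] \
            to-addresses=[/ip firewall nat get $d to-addresses] \
            to-ports=[/ip firewall nat get $d to-ports] \
            comment=$tag
    }
}
```

As in the original script, `find dynamic` matches every dynamic NAT rule on the router, so any non-UPnP dynamic rule is cloned to WAN2 as well.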

Contributions are welcome!