UPnP Multi-WAN

• 1. Make the simplest UPnP config for just WAN1

• 2. Add the following script as a schedule: will clone UPnP Dynamic NAT entries as normal NAT entries for WAN2.

Schedule time can be every minute.

(set <WAN2 IP> manually)

#global variable is loaded with IDs of Dynamic NAT entries
:global UPnPs [/ip firewall nat find dynamic];
#compares IDs with the ones from previous run
:if ($UPnPs != $UPnPz) do={
#copies current IDs to secondary variable UPnPz which will be used for comparison on next run
:global UPnPz; :set $UPnPz $UPnPs;
#if the vars above are not same, first all old clones are cleaned
/ip firewall nat remove [/ip fi nat find comment="UPnP_Cloned"];
:foreach i in=([/ip fi nat find dynamic]) do={
#set <WAN 2 IP> manually or can be also obtain from the interface by scripting
/ip fi nat add chain=dstnat dst-address="<WAN 2 IP>" \
#copy TCP or UDP protocol setting from the current Dynamic rule that :foreach is cycling through
protocol=[/ip fi nat get $i protocol] \
#copy to address - this is the customers internal address
to-addresses=[/ip fi nat get $i to-addresses] \
#same port
to-ports=[/ip fi nat get $i to-ports] \
action=dst-nat \
#same dst-port
dst-port=[/ip fi nat get $i dst-port] \
comment="UPnP_Cloned"}}

Same script easier to read with syntax colorization

• 3. For large networks you may find it useful to clean any Dynamic NAT entries and cloned NAT entry every other night, as old ones may pile up:

/ip firewall nat remove [/ip firewall nat find comment="UPnP_Cloned"];
/ip upnp set enabled=no;
/delay 3000ms;
/ip upnp set enabled=yes;

FUTURE VERSION of this script may use nested loops to compare the NAT entries as unsorted Arrays: www.google.com/search?q=nested+loop+array+comparison

Contributions are welcome!