Mikrotik RouterOS ipv6-npt脚本

技术资料分享,软路由,脚本

 0  1113

admin 自由达人 2024-08-01 23:14:29

用户等级：5级

#!rsc by RouterOS
#
# Set up NPTv6.
#
# GUA prefix is reserved by allocating a network from $argWanPool
# on $argLoopbackInt. Once GUA network is available, its address-prefix
# is used to set up mangling rules to perform network prefix translation
# with addresses from $argUlaPool.
#
# Since mangling is performed after connection tracking, all mangled packets
# continue processing with connection-state=invalid. Thus raw rules are added
# to mark these packets for notrack. Adjust your filter rules accordingly.
#
# Optional arg*Extra can be used to further narrow matching criteria.
# E.g. to perform translation only when the packet is routed through WAN:
#
#   :global argSnptMangleExtra {"out-interface-list"="WAN"}
#
#
# Arguments:
#   argLoopbackInt (str): name of the loopback interface
#   argWanPool (str): name of the WAN pool
#   argUlaPool (str): name of the ULA pool
#   argManagedID (str): regex-escaped unique ID of the managed objects
#   [argSnptMangleExtra] (array): Optional extra properties for the SNPT mangle rule
#   [argDnptMangleExtra] (array): Optional extra properties for the DNPT mangle rule
#   [argSnptRawExtra] (array): Optional extra properties for the SNPT raw rule
#   [argDnptRawExtra] (array): Optional extra properties for the DNPT raw rule
#
#
# Affects:
#   /ipv6/address
#   /ipv6/firewall/mangle
#   /ipv6/firewall/raw
#
#
# Requirements:
#   - mod/ipv6-functions

:global GlobalFunctionsReady;
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }


:local SetupRules do={
    :global argLoopbackInt
    :global argWanPool
    :global argManagedID
    :global argSnptMangleExtra
    :global argDnptMangleExtra
    :global argSnptRawExtra
    :global argDnptRawExtra

    :global WaitIP6Address
    :global SetIfExistsElseAdd
    :global SetIfExistsElseAddUnlessEqual

    $SetIfExistsElseAddUnlessEqual /ipv6/address\
        ({"comment~\"$argManagedID\\\$\""})\
        ({\
            interface="$argLoopbackInt";\
            advertise=false;\
            "from-pool"="$argWanPool"\
        })\
        ({\
            interface=$argLoopbackInt;\
            advertise="no";\
            "from-pool"=$argWanPool;\
            comment="\"Managed: NPTv6 / $argManagedID\""\
        })
    :local varGuaPrefix [$WaitIP6Address $argLoopbackInt $2 ("$argManagedID\$")]

    $SetIfExistsElseAdd /ipv6/firewall/mangle\
        ({"comment~\"snpt-$argManagedID\\\$\""})\
        ($argSnptMangleExtra , {\
            chain="postrouting";\
            action="snpt";\
            "src-address"=$1;\
            "src-prefix"=$1;\
            "dst-prefix"=$varGuaPrefix;\
            comment="\"Managed: NPTv6 / snpt-$argManagedID\""\
        })

    $SetIfExistsElseAdd /ipv6/firewall/mangle\
        ({"comment~\"dnpt-$argManagedID\\\$\""})\
        ($argDnptMangleExtra , {\
            chain="prerouting";\
            action="dnpt";\
            "dst-address"=$varGuaPrefix;\
            "src-prefix"=$varGuaPrefix;\
            "dst-prefix"=$1;\
            comment="\"Managed: NPTv6 / dnpt-$argManagedID\""\
        })

    $SetIfExistsElseAdd /ipv6/firewall/raw\
        ({"comment~\"snpt-$argManagedID\\\$\""})\
        ($argSnptRawExtra , {\
            chain="prerouting";\
            action="notrack";\
            "src-address"=$1;\
            comment="\"Managed: NPTv6 / snpt-$argManagedID\""\
        })

    $SetIfExistsElseAdd /ipv6/firewall/raw\
        ({"comment~\"dnpt-$argManagedID\\\$\""})\
        ($argDnptRawExtra , {\
            chain="prerouting";\
            action="notrack";\
            "dst-address"=$varGuaPrefix;\
            comment="\"Managed: NPTv6 / dnpt-$argManagedID\""\
        })
}

:local TearDown do={
    :global argManagedID
    /ipv6/address/remove [find comment~"$argManagedID\$"]
    /ipv6/firewall/mangle/remove [find comment~"$argManagedID\$"]
    /ipv6/firewall/raw/remove [find comment~"$argManagedID\$"]
}

:global LogPrint
:global AssertNotEmpty

:global argLoopbackInt
:global argWanPool
:global argUlaPool
:global argManagedID

$AssertNotEmpty "argLoopbackInt" $argLoopbackInt
$AssertNotEmpty "argWanPool" $argWanPool
$AssertNotEmpty "argUlaPool" $argUlaPool
$AssertNotEmpty "argManagedID" $argManagedID


/ipv6/pool
:local varWanPrefix [get value-name=prefix $argWanPool]
:local varUlaPrefix [get value-name=prefix $argUlaPool]

:do {
    $SetupRules $varUlaPrefix $varWanPrefix
    $LogPrint info $0 ("Add NPT: $varUlaPrefix <-> $varWanPrefix")
} on-error={
    $LogPrint warning $0 ("Failed to update NPTv6, retrying from scratch")
    :do {
        $TearDown
        $SetupRules $varUlaPrefix $varWanPrefix
    } on-error={
        $TearDown
        $LogPrint error $0 ("Failed to set up NPTv6")
        :error "fatal error in ipv6-npt.rsc"
    }
}

楼主签名：唱跳rap和篮球

回帖

回复列表

更多回复

站长有偿接单QQ：821689701 早上10点到晚上22点

本站热帖: 01 爱快ikuai转发pptp、l2tp客户端端口数据 504767; 02 抖音tiktok国际版视频直播专线搭建服务 496917; 03 海外游戏Game工作室专线搭建服务 496096; 04 亚马逊电商访问开店专线搭建服务 495986; 05 天翼云多IP搭建PPTP、L2TP、SOCKS5游戏专线服务 495853; 06 国内快手直播专线搭建服务 495342; 07 国内抖音直播专线搭建服务 494111; 08 centos7 L2TP/ipsec 搭建 138001; 09 全自动一键网络重装脚本（DD脚本）推荐 136609; 10 Linux一键脚本zabbix安装代码 135706

Mikrotik RouterOS ipv6-npt脚本

站长有偿接单QQ：821689701 早上10点到晚上22点

最新会员

友情链接