CGNAT – :: SCRIPT CGNAT ::

Publicado por André Andrade em

CGNAT – :: SCRIPT CGNAT ::

**** Ferramentas abordadas pelo Sr. William Oliveira em sua narrativa:

Log de Autenticação

*** Leitura complementar:

CGNAT EXTERNO INTEGRANDO AOS AUTENTICADORES

CADASTRO DE RANGE DE IP

 

Um ótimo trabalho do Sr. Ademir Vida (Wide Soft International, Brazil).

O Vídeo do criador explicando até o minuto 42 como ativar o Script CGNAT.

👉 https://www.youtube.com/watch?v=_MxBe0hFuTU&feature=emb_logo

Script CGNAT
CGNAT

OU Copie e Cole os comandos abaixo no new terminal do mikrotik:

/system scheduler remove [find name="wm-cgnat"];/system scheduler add interval=5s start-time=startup name=wm-cgnat on-event=":local g 0;:local ip;:local d;:if ([:tostr [/ip pool find name~\"^wm-cgnat/\"]] != \"\") do={:set ip [:pick [/ip pool get [find name~\"^wm-cgnat/\"] ranges] 0];:if ([:tostr [:find (ip) \"/\"]]\_!= \"\") do={:set d [/ip pool get [find name~\"^wm-cgnat/\"] name];:if ([:tostr [:find (d) \"/\"]] != \"\") do={:set d [:tonum [:pick (d) ([:find (d) \"/\"]+1) [:len (d)]]];:if ((d) > 1 && (d) < 65) do={:if ([:tostr (d)] = \"\" || [:tonum (d)] > 64) do={:set d 64;\t};:if ([:tostr (g)] = \"\") do={:set g 0;\t};/ip firewall address-list remove [find list=no-wm-cgnat];/ip firewall nat remove [find comment~\"^wm-cgnat\"];/ip pool remove [find name~\"^wm-cgnat\"];:foreach i in=[:toarray \"10.0.0.0/8,172.16.0.0/12,192.168.0.0/16\"] do={/ip firewall address-list add list=no-wm-cgnat address=(i);/};:local\_p1 0;:local p2 1023;:local ac netmap;:local ipa;:for i from=0 to=([:len (ip)]-1) do={:local c [:pick (ip) (i)];:if ((c) = \".\") do={:set ipa ((ipa).\",\");} else={:if ((c) = \"/\" || (c) = \"-\") do={:set ipa ((ipa).\",\");};:set ipa ((ipa).(c));:if ((c) = \"-\") do={:set ac src-nat;:set ipa ((ipa).\",\");};};};:set ipa [:toarray (ipa)];:local r;:local t;:local u;:local a;:local pl \"\";:local n none;:for i from=0 to=((d)-1) do={:set p1 (p2+1);:set\_p2 ((64511 /(d))+(p2));:if ((i) = ((d)-1)) do={:set p2 65535;};:local p (\"\\\"wm-cgnat [\".(p1).\"-\".(p2).\"]\\\"\");:local cg;:for ii from=0 to=([:len (ipa)]-1) do={:local c [:pick (ipa) (ii)];:if ((ii) = 0 || (ii) = 5 && [:pick (ipa) (4)] = \"-\") do={:set cg ((cg).\"100\");} else={:if ((ii) != 4) do={:set cg ((cg).\".\");};:if ((ii) = 1 || (ii) = 6) do={:set cg ((cg).((i)+64));} else={:set cg ((cg).(c));};};};:foreach ii in=[:toarray \"tcp,udp,all\"] do={:local h (\"\\\"wm-cgnat (jump --> \".(ii).\")\\\"\");:local j;:if ((i) = 0) do={:set j (\"/ip firewall nat add chain=srcnat action=jump jump-target=\".(h).\" dst-address-list=!no-wm-cgnat comment=\".(h));};:local f (\"/ip firewall nat add chain=\".(h).\" src-address=\".(cg).\" dst-address-list=!no-wm-cgnat action=\".(ac).\" to-address=\\\"\".(ip).\"\\\" comment=\".(p));:if ((ii) != \"all\") do={:if ((i) = 0) do={:set j ((j).\" protocol=\".(ii).\";\\n\\r\");};:set f ((f).\" to-ports=\".((p1).\"-\".(p2)).\" protocol=\".(ii));:if ((ii) = \"tcp\") do={:set t ((t).(j).(f).\";\\n\\r\");} else={:set u ((u).(j).(f).\";\\n\\r\");};} else={:if ((i) = 0) do={:set j ((j).\";\\n\\r\");};:set a ((a).(j).(f).\";\\n\\r\");};};:if ((g) = 0) do={:set r ((r).\"/ip pool add name=\".(p).\" range=\".(cg).\";\\n\\r\");:if ((i) != 0 &&\_(i) != (d)) do={:set r ((r).\"/ip pool set [find name=\".(n).\"] next-pool=\".(p).\";\\n\\r\");};} else={:set pl ((pl).(cg).\",\");};:set n (p);};:if ((g) = 1) do={:set r ((r).\"/ip pool add name=wm-cgnat range=\\\"\".(pl).\"\\\";\\n\\r\");};:set r ((r).(t).(u).(a));:put (r);[:parse (r)];};};};};";

Agradecimento ao Sr. William Oliveira Contato: 016 99199-7596

Pronto!

Equipe RECEITANET trabalhando para impulsionar o seu crescimento!


André Andrade

Pós Graduação em Engenharia de Redes e Sistemas de telecomunicações - Inatel