This script is not for general public usage. sharing it just for a reference purpose.
The following script was made to help a usea in a very specific condition.It was a setup specific issue and a quick dirty temporary solution was made to deploy this script to solve the problem for a short period of time only. Its not very neat and clean and probably it could be done with more sophisticated code with fewer line. but no time 🙂
Scenario:
You have 8 public ip pool and only one ip is used at mikrotik wan. now problem is that your ISP blocks your Public ip for few minutes dueto some grey traffic passing and you cannot block the grey traffic for some reasons. This script will help in this situation that if your IP gets blocked by the ISP, it will immediately (or by scheduled) changes the ip to next available ip address. and then it will also email you the result or alert.
Scenario was discussed here.
http://forum.mikrotik.com/viewtopic.php?f=9&t=92666&p=463406#p463406
#
# 9th Jan, 2015
# Script Starts here ... Tested with Mikrotik 6.xx ...
# Internet Host to be checked You can modify them as per required, JZ
# Setting various variables to be used later in this script
# Host to be monitor, like google dns and opends servers
:local host1 "8.8.8.8"
:local host2 "208.67.222.123"
:global InternetStatus;
:global InternetLastChange;
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];
# Set your Gmail ID and Password
:global sendermail YOUR_GMAIL_ID@gmail.com
:global gmailpass YOUR_GMAIL_PASSWORD
# Do not modify data below without proper understanding.
:local i 0;
:local F 0;
:local date;
:local time;
# PING each host 2 times
:for i from=1 to=2 do={
if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}
};
# If both links are down and all replies are timeout, then link is considered down
:if (($F=4)) do={
## ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
:log error "ISP LINK SEEMS TO BE DOWN, Changing IP Address /jz"
:set InternetStatus "DOWN";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
/ip address
:if ([get [find comment="ether1_wan_ip_1"] disabled] = false) do={
disable [find comment="ether1_wan_ip_1"]
enable [find comment="ether1_wan_ip_2"]
} else={
:if ([get [find comment="ether1_wan_ip_2"] disabled] = false) do={
disable [find comment="ether1_wan_ip_2"]
enable [find comment="ether1_wan_ip_3"]
} else={
:if ([get [find comment="ether1_wan_ip_3"] disabled] = false) do={
disable [find comment="ether1_wan_ip_3"]
enable [find comment="ether1_wan_ip_4"]
} else={
:if ([get [find comment="ether1_wan_ip_4"] disabled] = false) do={
disable [find comment="ether1_wan_ip_4"]
enable [find comment="ether1_wan_ip_5"]
} else={
:if ([get [find comment="ether1_wan_ip_5"] disabled] = false) do={
disable [find comment="ether1_wan_ip_5"]
enable [find comment="ether1_wan_ip_6"]
} else={
:if ([get [find comment="ether1_wan_ip_6"] disabled] = false) do={
disable [find comment="ether1_wan_ip_6"]
enable [find comment="ether1_wan_ip_7"]
} else={
:if ([get [find comment="ether1_wan_ip_7"] disabled] = false) do={
disable [find comment="ether1_wan_ip_7"]
enable [find comment="ether1_wan_ip_8"]
} else={
:if ([get [find comment="ether1_wan_ip_8"] disabled] = false) do={
disable [find comment="ether1_wan_ip_8"]
enable [find comment="ether1_wan_ip_1"]
}
}
}
}
}
}
}
}
#};
} else={
## If reply is received , then consider the Link is UP
:if (($InternetStatus="DOWN")) do={
:log warning "WARNING :The INTERNET link have been restored";
:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
:set InternetStatus "UP";
:global wanip
# Fetch your PUBLIC ip address from dnsomatic so that its info can be used at required session for info purposes ...
/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
local ip [file get mypublicip.txt contents ]
:set wanip "$ip";
:log warning "Internet Monitor by ZAIB Report: Internet seems to be UP with ISP_NAME ip $wanip"
/tool e-mail send to="RECEVER_EMAIL@gmail.com" password=$gmailpass subject="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip" from=$sendermail server=$gmailsmtp start-tls=yes body="ISP_NAME Link or IP was DOWN. Now new WAN IP address is $wanip ******* Regard's > >>>>> Syed Jahanzaib aacable@hotmail.com ****** "
}
}
}
}
}
}
}
}
Regard’s
Syed Jahanzaib
Syed Jahanzaib - Personal Blog to Share Knowledge ! 
is it possible to use DVR on private IP
Date: Fri, 9 Jan 2015 11:09:00 +0000 To: szabbas81@hotmail.com
LikeLike
Comment by ZAFAR ABBAS — January 9, 2015 @ 5:08 PM
yes its possible. You can do Port Forwarding to your DVR. If you have multiple DVR . then you can use PAT, example create dst-nat as follows.
dst-nat , dst-port 1234 , interface WAN, > dst-nat to . DVR local ip + dvr original port like 80
then repeat the rules as per required just change the dst-port 1234 to 1235 and so on. youcan use one public ip to access your hundred of devices just be changing the port and the original device should be orignial same.
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — January 10, 2015 @ 12:18 PM
asallam o alaikum syed jahanzaib bahi kesay hain ap ? bahi kindly yeh to btayein k squid or lusca mein kia farq hai
or agar koe farq hai to kia hai or kia best rehta hai ?
LikeLike
Comment by javed — January 10, 2015 @ 5:52 PM
salam jahanzaib bhai,
i need to know, how i secure my MT router from layer 2 attacks within MT router, i mean i dont wana buy any cisco layer 2 switch or any other to secure my network i want to secure my network from arp attacks and i want to do this with MT routers bcoz MT routers are cheapest,
so plzzz sir reply what u know about it, guide me what should i do. i m waiting 4 ur reply
.
thanking you
LikeLike
Comment by Rehmat ali — January 20, 2015 @ 3:59 AM
sir i m still waiting for ur reply
LikeLike
Comment by Rehmat ali — January 20, 2015 @ 6:23 PM
Dear Rehmat Ali Check this https://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-attempts-from-lanwan-users/
LikeLike
Comment by Jalil Abbas — January 20, 2015 @ 7:08 PM
THXZ FOR UR TIME SIR but i secure my network from mac flooding and many other layer 2 attacks from googling, i put MT 750gl as a switch and 4 ports in one bridge, in bridge filter rules i put some arp restriction and also i do ur layer 3 security on it now all works good. thxzzz for ur reply, u r doing really good job sir. Knowledge is a key to success and u r giving that key to all without any payment or any demand,
u r really doing good for us , ALLAH will give u what u deserve keep it up sir:)
LikeLike
Comment by Rehmat ali — January 24, 2015 @ 9:27 PM
Salam jahanzaib sir,
i have a question for gernal knowledge, i have MT R+S model is CRS125-24G-1S-IN in which i configure loadbalancing in 6 ports as a wan and 1 port i use for my MT pcOS where pppoe server is and 2nd port i use for my squid box (total ports i m using is 8)
2 WAN is 8mb and 4 WAN links is 4mb, problem is with pcc loadbalancing its not combining all my WAN ports or bandwidth in same time but its combines randomly 4 ports sometime 5 ports in peak time of my network, in that time people are complaining about internet speed dont no why.
i configure pcc method for unequal loadbalancing.
i just wana know possibilities and troubleshooting ways to find out where actually problem is
i m sure i do same as what u say in unequal loadbalancing bcoz MT router runs fine till dec 2014
plz do reply
thanking you,
LikeLike
Comment by rehmat ali — February 2, 2015 @ 3:58 AM
hmm in peak time my MT router using processor 40% to 50%
LikeLike
Comment by rehmat ali — February 2, 2015 @ 4:01 AM
sir i sent u a massage on fb please check your other msg box
tnx
LikeLike
Comment by ehab — March 27, 2015 @ 9:07 PM
I dont read FB messages frequently. send mail to aacable at hotmail dot com
LikeLike
Comment by Syed Jahanzaib / Pinochio~:) — March 28, 2015 @ 11:12 AM