Mikrotik Firewall Remote Access From DynDNS Address

delid4ve

Occasional Visitor
So I would like to create an access rule within the MikroTik firewall to restrict access to a couple of remote locations.

Since these are residential and cannot obtain a static IP, I'd like to know the best way of doing this, or if it's even possible.

The residential locations both have DynDNS addresses, so my thought was that the MikroTik can query the known DNS, get the IP, then add this to a temporary whitelist?
 
This requires scripts, so it is complicated. One of the weaknesses of RouterOS is that it will not check a domain; it will resolve the domain and use that IP in the rule. If you look at the MikroTik wiki you may find an example that fits your needs.
 
Consider using a desktop client for DDNS - the external IP is still the same, so the effect is the same...

And it's a cleaner solution, as the desktop DDNS clients tend to be updated (SW wise) more often as APIs change.
 
That's not what he wants to do; if it was DDNS there's a very easy script you can use. What he wants is to allow remote access from a certain IP that changes but has DDNS. MikroTik will only use 1 IP address, so if it changes the rule will be outdated even if you entered a domain, as it will resolve the domain into the IP and put the IP into the rule instead. Although the feature has been requested many times, MikroTik hasn't put any effort into it yet, nor into dnscrypt either.

So the only way is to get a script that resolves the domain every so often and updates the rule.
 
ddclient maybe then - works under Linux, so the uTik's could run this in userland...
 
Easy.
Create a script via WinBox.
(For some reason I cannot put the text directly. The forum tells me I have been blocked because I performed a malicious action :) )

image.png

Add a record in Address List with the current IP or just 1.2.3.4 and, as a comment, add the DDNS record.
Name the list as you wish, like All_Access.
Schedule the script to run every 1 minute.
Done.

What this does is it resolves the record from the comment to IP and updates the address list.
From there, create a rule to allow inbound from the list you just created.

Once a ddns is changed, the script will update the IP every minute and allow access.
Let me know if I need to be more clear.
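
One way to write the setup the last post describes (its own script was posted as a screenshot and is not reproduced here); this is an added example, not the poster's script. `All_Access` and `1.2.3.4` come from the post; the hostname `site-a.example.net`, the script name `ddns-allowlist` and the use of the `input` chain are assumptions.

```routeros
# Added example. Constructed values: site-a.example.net, ddns-allowlist.

# --- One-time setup (terminal) ---
# Placeholder entry; the comment holds the DDNS name the script resolves.
/ip firewall address-list add list=All_Access address=1.2.3.4 comment="site-a.example.net"
# Allow inbound from the list. Assumption: input chain (traffic to the router
# itself). Filter rules match in order, so move this above the final drop rule.
/ip firewall filter add chain=input src-address-list=All_Access action=accept comment="allow DDNS peers"
# Run the saved script every minute.
/system scheduler add name=ddns-allowlist interval=1m on-event="/system script run ddns-allowlist"

# --- Script body (System > Scripts, name: ddns-allowlist) ---
:foreach entry in=[/ip firewall address-list find list="All_Access"] do={
    # The comment field carries the DDNS hostname for this entry.
    :local host [/ip firewall address-list get $entry comment]
    :if ([:len $host] > 0) do={
        :do {
            :local newIp [:resolve $host]
            :local curIp [/ip firewall address-list get $entry address]
            # Compare as strings; only rewrite the entry when the IP changed.
            :if ([:tostr $newIp] != [:tostr $curIp]) do={
                /ip firewall address-list set $entry address=$newIp
                :log info ("All_Access: " . $host . " now " . [:tostr $newIp])
            }
        } on-error={
            # Resolution failed: the entry keeps its previous address.
            :log warning ("All_Access: could not resolve " . $host)
        }
    }
}
```

If a lookup fails the entry keeps its last address, which on a residential pool may since have been reassigned, so restrict the accept rule to the specific protocol and port needed rather than relying on the source list alone.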
 
