/system scheduler remove [find name="wm-cgnat"];/system scheduler add interval=5s
start-time=startup name=wm-cgnat on-event=":local g 0;:local ip;:local d;:if
([:tostr [/ip pool find name~\"^wm-cgnat/\"]] != \"\") do={:set ip [:pick [/ip pool
get [find name~\"^wm-cgnat/\"] ranges] 0];:if ([:tostr [:find (ip) \"/\"]]\_!
= \"\") do={:set d [/ip pool get [find name~\"^wm-cgnat/\"] name];:if ([:tostr
[:find (d) \"/\"]] != \"\") do={:set d [:tonum [:pick (d) ([:find (d) \"/\"]+1)
[:len (d)]]];:if ((d) > 1 && (d) < 65) do={:if ([:tostr (d)] = \"\" || [:tonum (d)]
> 64) do={:set d 64;\t};:if ([:tostr (g)] = \"\") do={:set g 0;\t};/ip firewall
address-list remove [find list=no-wm-cgnat];/ip firewall nat remove [find
comment~\"^wm-cgnat\"];/ip pool remove [find name~\"^wm-cgnat\"];:foreach i
in=[:toarray \"10.0.0.0/8,172.16.0.0/12,192.168.0.0/16\"] do={/ip firewall address-
list add list=no-wm-cgnat address=(i);/};:local\_p1 0;:local p2 1023;:local ac
netmap;:local ipa;:for i from=0 to=([:len (ip)]-1) do={:local c [:pick (ip)
(i)];:if ((c) = \".\") do={:set ipa ((ipa).\",\");} else={:if ((c) = \"/\" || (c) =
\"-\") do={:set ipa ((ipa).\",\");};:set ipa ((ipa).(c));:if ((c) = \"-\") do={:set
ac src-nat;:set ipa ((ipa).\",\");};};};:set ipa [:toarray (ipa)];:local r;:local
t;:local u;:local a;:local pl \"\";:local n none;:for i from=0 to=((d)-1) do={:set
p1 (p2+1);:set\_p2 ((64511 /(d))+(p2));:if ((i) = ((d)-1)) do={:set p2
65535;};:local p (\"\\\"wm-cgnat [\".(p1).\"-\".(p2).\"]\\\"\");:local cg;:for ii
from=0 to=([:len (ipa)]-1) do={:local c [:pick (ipa) (ii)];:if ((ii) = 0 || (ii) =
5 && [:pick (ipa) (4)] = \"-\") do={:set cg ((cg).\"100\");} else={:if ((ii) != 4)
do={:set cg ((cg).\".\");};:if ((ii) = 1 || (ii) = 6) do={:set cg ((cg).((i)+64));}
else={:set cg ((cg).(c));};};};:foreach ii in=[:toarray \"tcp,udp,all\"] do={:local
h (\"\\\"wm-cgnat (jump --> \".(ii).\")\\\"\");:local j;:if ((i) = 0) do={:set j
(\"/ip firewall nat add chain=srcnat action=jump jump-target=\".(h).\" dst-address-
list=!no-wm-cgnat comment=\".(h));};:local f (\"/ip firewall nat add chain=\".
(h).\" src-address=\".(cg).\" dst-address-list=!no-wm-cgnat action=\".(ac).\" to-
address=\\\"\".(ip).\"\\\" comment=\".(p));:if ((ii) != \"all\") do={:if ((i) = 0)
do={:set j ((j).\" protocol=\".(ii).\";\\n\\r\");};:set f ((f).\" to-ports=\".
((p1).\"-\".(p2)).\" protocol=\".(ii));:if ((ii) = \"tcp\") do={:set t ((t).(j).
(f).\";\\n\\r\");} else={:set u ((u).(j).(f).\";\\n\\r\");};} else={:if ((i) = 0)
do={:set j ((j).\";\\n\\r\");};:set a ((a).(j).(f).\";\\n\\r\");};};:if ((g) = 0)
do={:set r ((r).\"/ip pool add name=\".(p).\" range=\".(cg).\";\\n\\r\");:if ((i) !
= 0 &&\_(i) != (d)) do={:set r ((r).\"/ip pool set [find name=\".(n).\"] next-
pool=\".(p).\";\\n\\r\");};} else={:set pl ((pl).(cg).\",\");};:set n (p);};:if
((g) = 1) do={:set r ((r).\"/ip pool add name=wm-cgnat range=\\\"\".(pl).\"\\\";\\
n\\r\");};:set r ((r).(t).(u).(a));:put (r);[:parse (r)];};};};};";
Ademir Vida, Trainer Mikrotik e criador do Script:
Palestra no Youtube: https://www.youtube.com/watch?v=_MxBe0hFuTU&t
