Google+ Followers

Bitcoin

468x60

martes, 17 de enero de 2017

Mikrotik Ipv6 config home Time Warner, Run Runner and Spectrum

Configurando Ipv6 en Mikrotik router esta configuración funciona para Time Warner, Run Runner y Spectrum.

Espero que otros puedan resolver su problema al igual que yo
Configuración ipv6 cliente de un ISP y sus clientes de lan interno.








Wan = ether1
Lan = ether2-master
Spectrum = Nombre del pool


# jan/17/2017 07:40:20 by RouterOS 6.38
#

/ipv6 dhcp-server
add address-pool=Spectrum disabled=no interface=ether2-master lease-time=3d name=\
    ipv6 preference=255 rapid-commit=yes


/ipv6 address
add address=/64 advertise=yes disabled=no eui-64=no from-pool=Spectrum interface=\
    ether2-master no-dad=no


/ipv6 dhcp-client
add add-default-route=yes disabled=no interface=ether1 pool-name=Spectrum \
    pool-prefix-length=56 prefix-hint=::/0 request=prefix use-peer-dns=yes


/ipv6 firewall filter
add action=accept chain=input comment="Router  Allow IPv6 ICMP" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority protocol=icmpv6 !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=input comment=\
    "Router  Accept established connections" !connection-bytes \
    !connection-limit !connection-mark !connection-rate connection-state=\
    established !connection-type !content disabled=no !dscp !dst-address \
    !dst-address-list !dst-limit !dst-port !headers !hop-limit !icmp-options \
    !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
    !ingress-priority !ipsec-policy !limit log=no log-prefix="" !nth \
    !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
    !packet-mark !packet-size !per-connection-classifier !port !priority \
    !protocol !random !src-address !src-address-list !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time
add action=accept chain=input comment="Router  Accept related connections" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=related !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=drop chain=input comment="Router  Drop invalid connections" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=invalid !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=input comment="Router- UDP" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address \
    !dst-address-list !dst-limit !dst-port !headers !hop-limit !icmp-options \
    !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
    !ingress-priority !ipsec-policy !limit log=no log-prefix="" !nth \
    !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
    !packet-mark !packet-size !per-connection-classifier !port !priority \
    protocol=udp !random !src-address !src-address-list !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time
add action=accept chain=input comment="Router  From our LAN" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list in-interface=bridge \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=drop chain=input comment="Router  Drop other traffic" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=drop chain=forward comment="LAN  Drop invalid Connections" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=invalid !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=forward comment="LAN  Accept UDP" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address \
    !dst-address-list !dst-limit !dst-port !headers !hop-limit !icmp-options \
    !in-bridge-port !in-bridge-port-list !in-interface !in-interface-list \
    !ingress-priority !ipsec-policy !limit log=no log-prefix="" !nth \
    !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
    !packet-mark !packet-size !per-connection-classifier !port !priority \
    protocol=udp !random !src-address !src-address-list !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time
add action=accept chain=forward comment="LAN  Accept ICMPv6 " \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority protocol=icmpv6 !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=forward comment="LAN  Accept established Connections" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=established !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=forward comment="LAN  Accept related connections" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=related !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=log chain=forward comment="LAN  Log everything else" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="Log IPv6" !nth !out-bridge-port !out-bridge-port-list \
    !out-interface !out-interface-list !packet-mark !packet-size \
    !per-connection-classifier !port !priority !protocol !random !src-address \
    !src-address-list !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=reject chain=forward comment="LAN  Drop everything else" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    connection-state=new !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list in-interface=ether1 \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random reject-with=icmp-no-route !src-address \
    !src-address-list !src-mac-address !src-port !tcp-flags !tcp-mss !time
add action=accept chain=forward comment="LAN  Internal traffic" \
    !connection-bytes !connection-limit !connection-mark !connection-rate \
    !connection-state !connection-type !content disabled=no !dscp \
    !dst-address !dst-address-list !dst-limit !dst-port !headers !hop-limit \
    !icmp-options !in-bridge-port !in-bridge-port-list in-interface=bridge \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=no \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority !protocol !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time


/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes \
    disabled=no hop-limit=64 interface=bridge managed-address-configuration=\
    yes mtu=unspecified other-configuration=yes ra-delay=3s ra-interval=\
    3m20s-10m ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
    unspecified


/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=4h valid-lifetime=4h


/ipv6 route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
    !bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
    dst-address=2605:6000:1021:cf::/128 gateway=bridge !route-tag scope=30 \
    target-scope=10


/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
    yes forward=yes max-neighbor-entries=8192

Nota:
Al comienzo de mi configuración utilice de otros medios parte de su configuración:

https://technotes.seastrom.com/2016/08/22/mikrotik-cable-ipv6.html
http://www.netdaily.org/tag/mikrotik-ipv6-home-example/

No hay comentarios.:

Publicar un comentario