MikroTik IPv6 home config for Time Warner, Road Runner and Spectrum

Configuración de IPv6 en un router MikroTik. Esta configuración funciona para Time Warner, Road Runner y Spectrum.

Espero que otros puedan resolver su problema al igual que yo.
Configuración IPv6 como cliente de un ISP y para sus clientes de la LAN interna.








Wan = ether1
Lan = ether2-master
Spectrum = Nombre del pool


# jan/17/2017 07:40:20 by RouterOS 6.38
#

# DHCPv6 server on the LAN port (ether2-master). It serves from the pool named
# "Spectrum", the same pool name the DHCPv6 client on ether1 fills.
# NOTE(review): on RouterOS 6.x this server is understood to hand out delegated
# prefixes rather than single host addresses - confirm for your version.
/ipv6 dhcp-server
add name=ipv6 interface=ether2-master address-pool=Spectrum \
    lease-time=3d preference=255 rapid-commit=yes disabled=no


# LAN address for ether2-master, taken from pool "Spectrum" and advertised to
# hosts (advertise=yes); eui-64=no, so the host part comes from address=.
# NOTE(review): "address=/64" has no address part; it was presumably removed
# before publishing. Supply one before importing (constructed sample: ::1/64).
/ipv6 address
add interface=ether2-master from-pool=Spectrum address=/64 \
    advertise=yes eui-64=no no-dad=no disabled=no


# DHCPv6 client on the WAN port (ether1): requests a prefix (request=prefix)
# and stores it in pool "Spectrum". Replies reach the router through the
# input-chain rule that accepts UDP dst-port 546 from fe80::/10.
# use-peer-dns=yes means the resolvers offered by the ISP are trusted as-is.
# NOTE(review): prefix-hint=::/0 states no preferred length; confirm the size
# the ISP actually delegates against pool-prefix-length=56.
/ipv6 dhcp-client
add interface=ether1 request=prefix pool-name=Spectrum pool-prefix-length=56 \
    prefix-hint=::/0 add-default-route=yes use-peer-dns=yes disabled=no


/ipv6 firewall filter
# ---- input chain: packets addressed to the router itself ----
# Rules are evaluated top to bottom; the first match decides, so order matters.
#
# Accept packets of connections the router already tracks (or that are untracked).
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
# Drop packets that connection tracking marks as invalid.
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
# Accept all ICMPv6 to the router. The rule has no interface, type or rate
# match, so it applies to WAN and LAN alike.
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
# Accept UDP in the classic traceroute range; port= matches when either the
# source or the destination port falls in 33434-33534.
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
# Accept DHCPv6 replies to the client (UDP dst-port 546), link-local senders only.
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
# The next four rules accept IKE (UDP 500/4500), AH, ESP and traffic matching
# an inbound IPsec policy, from any interface.
# NOTE(review): this listing configures no IPsec; if the router does not
# terminate IPsec tunnels these rules only widen what WAN can reach - confirm.
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# Final input rule: drop whatever did not arrive on an interface in list LAN.
# The only real match here is in-interface-list=!LAN; every "!name" token just
# marks an option as unset, and disabled/log/log-prefix are written out as well.
# NOTE(review): the interface list LAN is not defined anywhere in this listing.
# It must exist and contain the LAN port (ether2-master per the legend above),
# otherwise this rule also cuts off management from the LAN or fails to import.
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-limit !dst-port !headers !hop-limit !icmp-options !in-bridge-port \
    !in-bridge-port-list !in-interface in-interface-list=!LAN !ingress-priority \
    !ipsec-policy !limit log=no log-prefix="" !nth !out-bridge-port \
    !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
    !packet-size !per-connection-classifier !port !priority !protocol !random \
    !src-address !src-address-list !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !tls-host
# ---- forward chain: packets routed through the router (WAN <-> LAN) ----
# With IPv6 there is no NAT in front of LAN hosts, so this chain is the only
# thing between the Internet and every globally addressed device on the LAN.
#
# Accept packets of already tracked (or untracked) connections.
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
# Drop packets that connection tracking marks as invalid.
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
# Drop packets whose source or destination is in address list bad_ipv6.
# NOTE(review): no "/ipv6 firewall address-list" section appears in this
# listing; unless bad_ipv6 is populated elsewhere these two rules match nothing.
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" \
    src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" \
    dst-address-list=bad_ipv6
# Drop ICMPv6 arriving with hop-limit 1, before the general ICMPv6 accept below.
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
# Accept all remaining ICMPv6 in both directions (no type or rate match).
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
# Accept HIP (IP protocol 139), IKE (UDP 500/4500), AH, ESP and traffic that
# matches an inbound IPsec policy. None of these rules matches on interface,
# so they admit unsolicited packets of these protocols from WAN to LAN hosts.
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
# ---- author's own rules: services published to the Internet ----
# Inbound TCP from WAN (in-interface=ether1) to one host, dst-port
# 21-23,80,443,2222, logged (log=yes). Real matches: dst-address, dst-port,
# in-interface, protocol; the "!name" tokens only mark options as unset.
# NOTE(review): dst-address=200:0:0:::/128 is not a valid IPv6 literal (three
# consecutive colons); it is the author's placeholder and, as the rule comment
# says, has to be edited to the server's own address before the rule can import.
# NOTE(review): the range 21-23 opens FTP (21), SSH (22) and Telnet (23) to the
# whole Internet although the rule is labelled as a web server. FTP and Telnet
# carry credentials in clear text; keep only the ports the server must expose
# and consider a src-address-list restriction for administrative ports.
add action=accept chain=forward comment="TO USE Edit ipv6 address Web Server Apache" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp dst-address=\
    200:0:0:::/128 !dst-address-list !dst-limit \
    dst-port=21-23,80,443,2222 !headers !hop-limit !icmp-options \
    !in-bridge-port !in-bridge-port-list in-interface=ether1 \
    !in-interface-list !ingress-priority !ipsec-policy !limit log=yes \
    log-prefix="" !nth !out-bridge-port !out-bridge-port-list !out-interface \
    !out-interface-list !packet-mark !packet-size !per-connection-classifier \
    !port !priority protocol=tcp !random !src-address !src-address-list \
    !src-mac-address !src-port !tcp-flags !tcp-mss !time !tls-host
# Same destination and interface, but protocol=udp and dst-port 21-23,80,443.
# NOTE(review): FTP, SSH, Telnet and HTTP run over TCP; unless the server
# offers something on these UDP ports (for example HTTP/3 on 443) this rule
# only adds exposure - confirm it is needed.
add action=accept chain=forward comment="TO USE Edit ipv6 address Web Server Apache" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp dst-address=\
    200:0:0:::/128 !dst-address-list !dst-limit \
    dst-port=21-23,80,443 !headers !hop-limit !icmp-options !in-bridge-port \
    !in-bridge-port-list in-interface=ether1 !in-interface-list \
    !ingress-priority !ipsec-policy !limit log=yes log-prefix="" !nth \
    !out-bridge-port !out-bridge-port-list !out-interface !out-interface-list \
    !packet-mark !packet-size !per-connection-classifier !port !priority \
    protocol=udp !random !src-address !src-address-list !src-mac-address \
    !src-port !tcp-flags !tcp-mss !time !tls-host
# Drop TCP 21 and 23 to one specific host (the PBX), logged. No interface is
# matched, so the drop applies to traffic from the LAN as well as from WAN.
# The dst-address is the author's own host; replace it with your device's.
add action=drop chain=forward comment="PBX Drops ports!" !connection-bytes \
    !connection-limit !connection-mark !connection-rate !connection-state \
    !connection-type !content disabled=no !dscp dst-address=\
    2605:6000:1015:83e6:bfba:ee40:ac16:aead/128 !dst-address-list !dst-limit \
    dst-port=21,23 !headers !hop-limit !icmp-options !in-bridge-port \
    !in-bridge-port-list !in-interface !in-interface-list !ingress-priority \
    !ipsec-policy !limit log=yes log-prefix="" !nth !out-bridge-port \
    !out-bridge-port-list !out-interface !out-interface-list !packet-mark \
    !packet-size !per-connection-classifier !port !priority protocol=tcp \
    !random !src-address !src-address-list !src-mac-address !src-port \
    !tcp-flags !tcp-mss !time !tls-host
# Default-deny for the forward chain: drop everything that did not arrive on
# an interface in list LAN. This is the rule that actually protects LAN hosts.
# NOTE(review): the interface list LAN is not defined in this listing; it must
# exist and contain the LAN port, or this rule will not behave as intended.
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=!LAN
# The two rules below drop new TCP and new UDP connections arriving on ether1
# for the listed dst-port ranges (every port except 21-24, 80-81, 443, 1073,
# 5160-5161 and 24554), with logging.
# NOTE(review): ether1 is the WAN port per the legend above. Unless ether1 is a
# member of LAN, its packets were already dropped by the rule just above, so
# these two rules are never reached. The "LAN  Port 137-24553" wording in the
# rule comments also does not correspond to the interface or the port list.
add action=drop chain=forward comment=\
    "LAN  Port 137-24553 Close multiple ports" !connection-bytes \
    !connection-limit !connection-mark !connection-rate connection-state=new \
    !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-limit dst-port=\
    1-20,25-79,82-442,444-1072,1074-5159,5162-24553,24555-65535 !headers \
    !hop-limit !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
    ether1 !in-interface-list !ingress-priority !ipsec-policy !limit log=\
    yes log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
    !out-interface !out-interface-list !packet-mark !packet-size \
    !per-connection-classifier !port !priority protocol=tcp !random \
    !src-address !src-address-list !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !tls-host
add action=drop chain=forward comment=\
    "LAN  Port 137-24553 Close UDP multiple ports" !connection-bytes \
    !connection-limit !connection-mark !connection-rate connection-state=new \
    !connection-type !content disabled=no !dscp !dst-address !dst-address-list \
    !dst-limit dst-port=\
    1-20,25-79,82-442,444-1072,1074-5159,5162-24553,24555-65535 !headers \
    !hop-limit !icmp-options !in-bridge-port !in-bridge-port-list in-interface=\
    ether1 !in-interface-list !ingress-priority !ipsec-policy !limit log=\
    yes log-prefix="" !nth !out-bridge-port !out-bridge-port-list \
    !out-interface !out-interface-list !packet-mark !packet-size \
    !per-connection-classifier !port !priority protocol=udp !random \
    !src-address !src-address-list !src-mac-address !src-port !tcp-flags \
    !tcp-mss !time !tls-host



# Router Advertisement settings, applied to the default ND entry.
# The RA sets both the managed (M) and other-configuration (O) flags and
# carries DNS information (advertise-dns=yes).
# NOTE(review): this entry is bound to interface=bridge, while the DHCPv6
# server and the LAN address above use ether2-master. Confirm which interface
# really faces the LAN; RAs sent on the wrong one leave hosts without a prefix.
/ipv6 nd
set [ find default=yes ] interface=bridge disabled=no \
    advertise-dns=yes advertise-mac-address=yes \
    managed-address-configuration=yes other-configuration=yes \
    hop-limit=64 mtu=unspecified \
    ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \
    reachable-time=unspecified retransmit-interval=unspecified


# Defaults for advertised prefixes: hosts may self-configure addresses
# (autonomous=yes); valid and preferred lifetimes are both four hours.
/ipv6 nd prefix default
set valid-lifetime=4h preferred-lifetime=4h autonomous=yes


# Static host route (/128) pointing at interface "bridge".
# The "!name" markers of the exported form are left out: they only state that
# an option is unset, which is already the case for a newly added route.
# NOTE(review): the destination is an address from the author's own network
# and the gateway is "bridge", not ether2-master; adapt or omit this route.
/ipv6 route
add dst-address=2605:6000:1021:cf::/128 gateway=bridge distance=1 \
    scope=30 target-scope=10 disabled=no


# Global IPv6 behaviour: forwarding on, redirects accepted only when
# forwarding is off, neighbor cache limited to 8192 entries.
# NOTE(review): accept-router-advertisements=yes makes the router itself
# process RAs while it is forwarding, and the input chain accepts ICMPv6 from
# every interface. If the DHCPv6 client's add-default-route=yes already
# provides the default route, yes-if-forwarding-disabled is the narrower
# setting; otherwise confirm RAs are only honoured from the WAN side.
/ipv6 settings
set forward=yes accept-router-advertisements=yes \
    accept-redirects=yes-if-forwarding-disabled max-neighbor-entries=8192

Nota:
Al comienzo de mi configuración utilicé parte de la configuración publicada en otros sitios:

https://technotes.seastrom.com/2016/08/22/mikrotik-cable-ipv6.html
http://www.netdaily.org/tag/mikrotik-ipv6-home-example/
