
Mikrotik Ipv6 config home Time Warner, Run Runner and Spectrum

Configuración de IPv6 en un router MikroTik. Esta configuración funciona para Time Warner, Run Runner y Spectrum.

Espero que otros puedan resolver su problema, al igual que yo.
Configuración IPv6 como cliente de un ISP y para los clientes de la LAN interna.








Wan = ether1
Lan = ether2-master
Spectrum = Nombre del pool


# jan/17/2017 07:40:20 by RouterOS 6.38
#

# DHCPv6 server bound to the LAN port (ether2-master). It serves leases from
# the pool named "Spectrum", the same pool name the DHCPv6 client on ether1
# writes its delegated prefix into.
/ipv6 dhcp-server
add name=ipv6 interface=ether2-master address-pool=Spectrum lease-time=3d \
    preference=255 rapid-commit=yes disabled=no


# Gives the LAN port (ether2-master) an address taken from the "Spectrum" pool
# and marks it for advertisement to LAN hosts (advertise=yes).
# NOTE(review): "address=/64" has no address part and looks elided by the
# author; with from-pool the value is normally written with a host part such
# as ::1/64 — confirm before importing, this line is unlikely to parse as is.
/ipv6 address
add address=/64 advertise=yes disabled=no eui-64=no from-pool=Spectrum interface=\
    ether2-master no-dad=no


# DHCPv6 client on the WAN port (ether1): requests a delegated prefix only
# (request=prefix) and stores it in the pool named "Spectrum".
# use-peer-dns=yes makes the router use the DNS servers announced by the ISP.
# NOTE(review): prefix-hint=::/0 states no size preference while
# pool-prefix-length=56 sets the size of the chunks handed out from the pool —
# confirm this matches the prefix length the ISP actually delegates.
/ipv6 dhcp-client
add interface=ether1 request=prefix pool-name=Spectrum pool-prefix-length=56 \
    prefix-hint=::/0 add-default-route=yes use-peer-dns=yes disabled=no


# Input chain: traffic addressed to the router itself. Rules are evaluated top
# to bottom, so the order below must be kept.
# NOTE(review): the final rule depends on an interface list named LAN, which
# is not defined in this listing. Confirm that the list exists and contains
# ether2-master, then check with "print" that the drop rule was really added;
# without it the input chain has no closing drop.
/ipv6 firewall filter
add chain=input action=accept connection-state=established,related,untracked \
    comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid \
    comment="defconf: drop invalid"
# ICMPv6 carries neighbour discovery and router advertisements.
add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
add chain=input action=accept protocol=udp port=33434-33534 \
    comment="defconf: accept UDP traceroute"
# DHCPv6 replies reach the client on UDP 546 from link-local sources only.
add chain=input action=accept protocol=udp src-address=fe80::/10 dst-port=546 \
    comment="defconf: accept DHCPv6-Client prefix delegation."
# The next four rules admit IKE/IPsec to the router from any interface. They
# are only needed when the router terminates IPsec itself; otherwise they can
# be disabled to reduce what is reachable from the WAN side.
add chain=input action=accept protocol=udp dst-port=500,4500 \
    comment="defconf: accept IKE"
add chain=input action=accept protocol=ipsec-ah \
    comment="defconf: accept ipsec AH"
add chain=input action=accept protocol=ipsec-esp \
    comment="defconf: accept ipsec ESP"
add chain=input action=accept ipsec-policy=in,ipsec \
    comment="defconf: accept all that matches ipsec policy"
# Closing rule: anything not accepted above and not arriving on a LAN-list
# interface is dropped. The unset (!property) matchers of the verbose export
# are left out; they do not take part in matching.
add chain=input action=drop in-interface-list=!LAN disabled=no log=no \
    log-prefix="" comment="defconf: drop everything else not coming from LAN"
# Forward chain, default rules: traffic routed through the router between WAN
# and LAN. Evaluated top to bottom; keep the order.
add chain=forward action=accept \
    connection-state=established,related,untracked \
    comment="defconf: accept established,related,untracked"
add chain=forward action=drop connection-state=invalid \
    comment="defconf: drop invalid"
# NOTE(review): the address list bad_ipv6 is not defined in this listing.
# Until it is populated these two rules match nothing.
add chain=forward action=drop src-address-list=bad_ipv6 \
    comment="defconf: drop packets with bad src ipv6"
add chain=forward action=drop dst-address-list=bad_ipv6 \
    comment="defconf: drop packets with bad dst ipv6"
add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 \
    comment="defconf: rfc4890 drop hop-limit=1"
add chain=forward action=accept protocol=icmpv6 \
    comment="defconf: accept ICMPv6"
# The remaining accepts have no interface matcher, so they also admit
# unsolicited HIP, IKE and IPsec from the WAN to every LAN host. Disable the
# ones no LAN host needs.
add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
add chain=forward action=accept protocol=udp dst-port=500,4500 \
    comment="defconf: accept IKE"
add chain=forward action=accept protocol=ipsec-ah \
    comment="defconf: accept ipsec AH"
add chain=forward action=accept protocol=ipsec-esp \
    comment="defconf: accept ipsec ESP"
add chain=forward action=accept ipsec-policy=in,ipsec \
    comment="defconf: accept all that matches ipsec policy"
# Forward chain, site-specific rules. The unset (!property) matchers of the
# verbose export are left out; only the matchers that carry a value remain.
#
# Inbound service exposure for one LAN server.
# NOTE(review): "200:0:0:::/128" is the author's placeholder and not a valid
# IPv6 literal; replace it with the server's real address before importing.
# NOTE(review): TCP 21-23 is FTP, SSH and Telnet. FTP and Telnet send
# credentials in cleartext; open to the Internet only the ports the server
# really serves (80 and 443 for a web server).
add chain=forward action=accept protocol=tcp in-interface=ether1 \
    dst-address=200:0:0:::/128 dst-port=21-23,80,443,2222 disabled=no \
    log=yes log-prefix="" comment="TO USE Edit ipv6 address Web Server Apache"
# NOTE(review): FTP, SSH, Telnet and HTTP are TCP services, so this UDP rule
# looks broader than the server needs — confirm it is required at all.
add chain=forward action=accept protocol=udp in-interface=ether1 \
    dst-address=200:0:0:::/128 dst-port=21-23,80,443 disabled=no log=yes \
    log-prefix="" comment="TO USE Edit ipv6 address Web Server Apache"
# Blocks FTP and Telnet towards one host. No interface matcher is set, so the
# rule applies whatever interface the packet arrived on.
# NOTE(review): the destination is a global address from the author's own
# network; replace it with your own host's address.
add chain=forward action=drop protocol=tcp \
    dst-address=2605:6000:1015:83e6:bfba:ee40:ac16:aead/128 dst-port=21,23 \
    disabled=no log=yes log-prefix="" comment="PBX Drops ports!"
# Closing rule: everything not accepted above and not arriving on a LAN-list
# interface is dropped. It relies on the interface list LAN, which this
# listing does not define.
add chain=forward action=drop in-interface-list=!LAN \
    comment="defconf: drop everything else not coming from LAN"
# NOTE(review): both rules below match in-interface=ether1 (the WAN port)
# although their comments say "LAN", and they sit after the closing drop. If
# ether1 is not a member of the LAN list, all of its traffic has already been
# dropped above and these rules never match.
add chain=forward action=drop protocol=tcp connection-state=new \
    in-interface=ether1 \
    dst-port=1-20,25-79,82-442,444-1072,1074-5159,5162-24553,24555-65535 \
    disabled=no log=yes log-prefix="" \
    comment="LAN  Port 137-24553 Close multiple ports"
add chain=forward action=drop protocol=udp connection-state=new \
    in-interface=ether1 \
    dst-port=1-20,25-79,82-442,444-1072,1074-5159,5162-24553,24555-65535 \
    disabled=no log=yes log-prefix="" \
    comment="LAN  Port 137-24553 Close UDP multiple ports"



# Router-advertisement settings on the default neighbour-discovery entry.
# The M and O flags are set (managed-address-configuration, other-configuration)
# and the RA carries DNS and the router's MAC address.
# NOTE(review): the entry is bound to an interface named "bridge", while the
# rest of this listing uses ether2-master as the LAN port and defines no
# bridge — confirm the interface name for your router.
/ipv6 nd
set [ find default=yes ] interface=bridge disabled=no advertise-dns=yes \
    advertise-mac-address=yes managed-address-configuration=yes \
    other-configuration=yes hop-limit=64 mtu=unspecified ra-delay=3s \
    ra-interval=3m20s-10m ra-lifetime=30m reachable-time=unspecified \
    retransmit-interval=unspecified


# Defaults for advertised prefixes: hosts may autoconfigure from the prefix
# (autonomous=yes); valid and preferred lifetimes are both four hours.
/ipv6 nd prefix default
set valid-lifetime=4h preferred-lifetime=4h autonomous=yes


# Static route for a single /128 destination, sent out the interface named
# "bridge". The unset BGP, check-gateway and route-tag properties of the
# verbose export are left out.
# NOTE(review): the destination is an address from the author's own network
# and "bridge" is not defined in this listing — this route is presumably not
# meant to be copied unchanged; confirm.
/ipv6 route
add dst-address=2605:6000:1021:cf::/128 gateway=bridge distance=1 scope=30 \
    target-scope=10 disabled=no


# Global IPv6 behaviour. forward=yes turns on routing; with forwarding enabled,
# accept-redirects=yes-if-forwarding-disabled means redirects are not accepted.
# NOTE(review): accept-router-advertisements=yes makes the router act on RAs
# even while it forwards, and the input chain accepts ICMPv6 from every
# interface. Presumably this is for the ISP's RA on ether1; confirm it is
# needed, since an RA sent by a LAN host would be accepted too.
/ipv6 settings
set forward=yes accept-router-advertisements=yes \
    accept-redirects=yes-if-forwarding-disabled max-neighbor-entries=8192

Nota:
Al comenzar mi configuración utilicé partes de la configuración publicada en estos otros sitios:

https://technotes.seastrom.com/2016/08/22/mikrotik-cable-ipv6.html
http://www.netdaily.org/tag/mikrotik-ipv6-home-example/
