MikroTik EDPNET

MIKROTIK.md

MikroTik configuration for EDPNET

1. Connect fiber modem on ether1
2. Add VLAN on ether1 with id 10 (vlan-edpnet)
3. Add PPPoE client on vlan-edpnet, user: xxx@EDPNET
4. Add NAT: out interface = vlan-edpnet, action = masquerade

IPv6

1. /system package enable ipv6
2. /system reboot
3. /ipv6 dhcp-client
   add disabled=no interface=pppoe-edpnet pool-name=pppoe-ipv6 pool-prefix-length=56
4. /ipv6 address add from-pool=pppoe-ipv6 interface=bridge advertise=yes
5. /ipv6 firewall filter add action=accept chain=input comment="Router - Allow IPv6 ICMP Traffic" disabled=no protocol=icmpv6 add action=accept chain=input comment="Router - Accept established connections" connection-state=established disabled=no add action=accept chain=input comment="Router - Accept related connections" connection-state=related disabled=no add action=drop chain=input comment="Router - Drop invalid connections" connection-state=invalid disabled=no add action=accept chain=input comment="Router- UDP" disabled=no protocol=udp add action=accept chain=input comment="Router - From our LAN" disabled=no in-interface=bridge add action=log chain=input comment="Router - Log everything else" disabled=no log-prefix="DROP IP6 INPUT" add action=drop chain=input comment="Router - Drop everything else" disabled=no add action=drop chain=forward comment="Lan - Drop invalid Connections" connection-state=invalid disabled=no add action=accept chain=forward comment="Lan - Accept UDP" disabled=no protocol=udp add action=accept chain=forward comment="LAN - Accept ICMPv6 " disabled=no protocol=icmpv6 add action=accept chain=forward comment="Lan - Accept established Connections" connection-state=established disabled=no add action=accept chain=forward comment="Lan - Accept related connections" connection-state=related disabled=no add action=accept chain=forward comment="Lan - From our Lan" disabled=no in-interface=bridge add action=log chain=forward comment="Lan - Log everything else" disabled=no log-prefix="Log IPv6" add action=reject chain=forward comment="Lan - Drop everything else" connection-state=new disabled=no in-interface=pppoe-edpnet reject-with=icmp-no-route

uPNP

1. IP > uPNP > Enabled
2. IP > uPNP > Interfaces > Add bridge as internal, pppoe-edpnet as external
3. Disable firewall rule "Drop all not coming from LAN"
4. See NAT rules under IP > uPNP > Firewall > NAT