Created
May 30, 2020 23:08
-
-
Save mtrimarchi/0fa97a676cbff5fd4818ea86a6c6e00d to your computer and use it in GitHub Desktop.
Working 6rd/6to4 script for modems without native IPV6 in firmware operating on native IPV6 network - https://forum.mikrotik.com/viewtopic.php?t=134621
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 6to4.rsc | |
| # Notes | |
| # We cannot use variables here, somehow the router rejects them. | |
| /interface 6to4 | |
| # The first value to replace here is your WAN IPv4 address (the one you get when you type "my ip" in google search | |
| # The second value is the one called "IPv4 Relay" in the calculator. | |
| add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit local-address=<WAN_IP_HERE> mtu=1480 name=6rd remote-address=<IPV4_RELAY_ADDRESS_HERE> | |
| # "IPv6 6RD Adress" | |
| /ipv6 pool add name=ip6 prefix=<IPV6_6RD_ADDRESS_HERE_MINE_ENDS_IN_/60> prefix-length=64 | |
| /ipv6 address | |
| # "Prefix 6RD"/"Mask 6RD" | |
| # i.e | |
| # Prefix 6RD: AAAA::BBBB::CCCC:: | |
| # Mask 6RD: DD | |
| # Would give something like: AAAA::BBBB::CCCC::/DD | |
| add address=<PREFIX_HERE/MASK_HERE> advertise=no disabled=no eui-64=no from-pool="" interface=6rd no-dad=no | |
| add address=::/64 advertise=yes disabled=no eui-64=no from-pool=ip6 interface=bridge no-dad=no | |
| /ipv6 route | |
| add disabled=no distance=1 dst-address=2000::/3 gateway=6rd scope=30 target-scope=10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # firewall6.rsc | |
| /ipv6 firewall filter | |
| # WARNING: This will wipe your entire ipv4 firewall. Remove this line if you wish to keep | |
| # your existing rules, but your script will need adjustments. | |
| remove [ find where dynamic=no ] | |
| add action=accept chain=input comment="accept established connections" connection-state=established,related | |
| add action=accept chain=input comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 | |
| add action=accept chain=input comment="accept DHCP6 messages" dst-port=546 protocol=udp src-address=fe80::/64 | |
| add action=drop chain=input comment="drop remaining incoming from WAN" in-interface=ether1 | |
| add action=accept chain=forward comment="accept established connections" connection-state=established,related | |
| add action=accept chain=forward comment="accept ICMP6 messages" limit=100,10:packet protocol=icmpv6 | |
| add action=drop chain=forward comment="drop invalid connections" connection-state=invalid | |
| add action=drop chain=forward comment="drop remaining incoming from WAN" in-interface=ether1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ip6ra.rsc | |
| /ipv6 nd | |
| set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes \ | |
| disabled=no hop-limit=unspecified interface=all \ | |
| managed-address-configuration=no mtu=unspecified \ | |
| other-configuration=yes ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m \ | |
| reachable-time=unspecified retransmit-interval=unspecified | |
| /ipv6 nd prefix default set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment