Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Router - RouterOS and Routerboard: Difference between revisions

← Older editNewer edit →
Content deleted Content added
Useless (talk | contribs)
emailconfirmed
1 edit
No edit summary
Davis (talk | contribs)
5 edits
m Change interface names to aliases so that it's easier to apply to different hardware setups.
Line 1: Line 1:
*Also see: [[Router - RouterOS and Routerboard bonding]]
*Also see: [[Router - RouterOS and Routerboard bonding]]
*[irc://irc.z.je/routerboard irc://irc.z.je/routerboard] - which is hosted on the same irc server that AAISP use and contains (among others) lots of AAISP customers using Mikrotik
*[irc://irc.z.je/routerboard irc://irc.z.je/routerboard] - which is hosted on the Z.JE IRC server use and contains (among others) lots of AAISP customers using Mikrotik.


= Overview =
= Overview =
Line 23: Line 23:
= Default Configuration =
= Default Configuration =


This example assumes that the router is at its default configuration with any example/demo/supplied settings removed. Furthermore, it is assumed that your WAN (ADSL/VDSL/whatever modem) is plugged into interface 'ether1' and LAN into 'ether2'.
This example assumes that the router is at its default configuration with any example/demo/supplied settings removed. Furthermore, it is assumed that your WAN (ADSL/VDSL/whatever modem) is plugged into interface 'ether1' and LAN into 'ether2'. The following snippet changes the default interface names so that the examples below won't depend as closely on your hardware setup.

<pre>
/interface ethernet
set [ find default-name=ether1 ] name=uplink-wan
set [ find default-name=ether2 ] name=lan
</pre>


= Configuring Initial Basic Settings =
= Configuring Initial Basic Settings =
Line 51: Line 57:
broadcast=192.0.2.15 \
broadcast=192.0.2.15 \
disabled=no \
disabled=no \
interface=ether2 \
interface=lan \
network=192.0.2.0
network=192.0.2.0
/ipv6 address add \
/ipv6 address add \
Line 58: Line 64:
disabled=no \
disabled=no \
eui-64=no \
eui-64=no \
interface=ether2</pre>
interface=lan
</pre>

Set basic firewalling (all out, none in!)
Set basic firewalling (all out, none in!)
<pre>/ip firewall filter
<pre>/ip firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
Line 67: Line 75:
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=accept chain=output disabled=no
add action=accept chain=output disabled=no
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
Line 74: Line 82:


/ipv6 firewall filter
/ipv6 firewall filter
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=forward comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Established traffic" connection-state=established disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
add action=accept chain=forward comment="Related traffic" connection-state=related disabled=no
Line 80: Line 88:
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=drop chain=forward comment="Drop the rest" disabled=no
add action=accept chain=output disabled=no
add action=accept chain=output disabled=no
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=ether2
add action=accept chain=input comment="LAN traffic can go anywhere" disabled=no in-interface=lan
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Established traffic" connection-state=established disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
add action=accept chain=input comment="Related traffic" connection-state=related disabled=no
Line 102: Line 110:
dial-on-demand=no \
dial-on-demand=no \
disabled=no \
disabled=no \
interface=ether1 \
interface=uplink-wan \
max-mru=1492 \
max-mru=1492 \
max-mtu=1492 \
max-mtu=1492 \
Line 145: Line 153:
disabled=no \
disabled=no \
hop-limit=64 \
hop-limit=64 \
interface=ether2 \
interface=lan \
managed-address-configuration=no \
managed-address-configuration=no \
mtu=1492 \
mtu=1492 \
Line 190: Line 198:
<pre>/ipv6 address
<pre>/ipv6 address
add address=2001:8b0:XXX::1/64 advertise=yes comment="advertise on lan" disabled=no eui-64=no \
add address=2001:8b0:XXX::1/64 advertise=yes comment="advertise on lan" disabled=no eui-64=no \
interface=ether2
interface=lan
</pre>
</pre>


Retrieved from "http://support.aa.net.uk/Router_-_RouterOS_and_Routerboard"