Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

User:TomJepp/RouterOS L2TP: Difference between revisions

← Older editNewer edit →
Content deleted Content added
TomJepp (talk | contribs)
96 edits
TomJepp (talk | contribs)
96 edits
Line 308: Line 308:


=== Firewall ===
=== Firewall ===

We will add some extra firewall rules - these rules will allow *all* traffic to the public IP ranges, and allow traffic from the public IP ranges to the internet, and to the DNS server on the router.

However, we will not allow the public IP ranges to initiate connections to the LAN bridge we set up earlier.


==== IPv4 firewall ====
==== IPv4 firewall ====

# Go to '''IP, Firewall''' and select the '''Filter Rules''' tab.
# Add a new rule:
## '''General, Chain''': "input"
## '''General, Protocol''': "udp"
## '''Dst. Port''': "53"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "input: allow UDP DNS from L2TP LAN"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "input"
## '''General, Protocol''': "tcp"
## '''Dst. Port''': "53"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "input: allow TCP DNS from L2TP LAN"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "forward"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''General, Out. Interface''': "l2tp-aaisp"
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow from L2TP public bridge to the internet"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "forward"
## '''General, In. Interface''': "l2tp-aaisp"
## '''General, Out. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow from the internet to the L2TP public bridge"
## Save the rule with '''OK'''.

Rules can be re-ordered in the Firewall list by dragging them up and down. Drag these four new rules above the two "drop all remaining traffic" rules.

==== IPv6 firewall ====
==== IPv6 firewall ====

We'll repeat exactly the same rules for IPv6:

# Go to '''IPv6, Firewall''' and select the '''Filter Rules''' tab.
# Add a new rule:
## '''General, Chain''': "input"
## '''General, Protocol''': "udp"
## '''Dst. Port''': "53"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "input: allow UDP DNS from L2TP LAN"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "input"
## '''General, Protocol''': "tcp"
## '''Dst. Port''': "53"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "input: allow TCP DNS from L2TP LAN"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "forward"
## '''General, In. Interface''': "bridge-l2tp-public"
## '''General, Out. Interface''': "l2tp-aaisp"
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow from L2TP public bridge to the internet"
## Save the rule with '''OK'''.
# Add a new rule:
## '''General, Chain''': "forward"
## '''General, In. Interface''': "l2tp-aaisp"
## '''General, Out. Interface''': "bridge-l2tp-public"
## '''Action, Action''': "accept"
## '''Comment''': "forward: allow from the internet to the L2TP public bridge"
## Save the rule with '''OK'''.

Rules can be re-ordered in the Firewall list by dragging them up and down. Drag these four new rules above the two "drop all remaining traffic" rules.


== CLI config example ==
== CLI config example ==
Retrieved from "http://support.aa.net.uk/User:TomJepp/RouterOS_L2TP"