
MikroTik RouterOS and IPv6

  • 19-12-2012 6:14pm
    #1
    Registered Users Posts: 931 ✭✭✭


    Morning all.

    Just set up an IPv6 network in the house (my findings have been posted here: http://tiernanotoole.ie/2012/12/19/ipv6_%2B_mikrotik_%2B_linux_%2B_windows.html). Anyway, I am now confused as to what I should be setting in the firewall rules... I have the following:
    [admin@MikroTik] /ipv6 firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=input action=accept connection-state=established in-interface=WAN1 
    
     1   chain=input action=accept connection-state=related in-interface=WAN1 
    
     2   chain=input action=drop connection-state=invalid in-interface=WAN1 
    
     3   chain=input action=drop in-interface=WAN1 
    [admin@MikroTik] /ipv6 firewall filter> 
    
    

    but the counters are not incrementing... I have changed WAN1 to sit1 (which is the HE Tunnel Broker tunnel) but still no luck... Any ideas? Anyone set up an IPv6 network yet? IPv6 is working alright, I can see ipv6.google.com, passing all the tests, etc., but I am now worried that any machine on the network with IPv6 enabled is now available publicly... Any ideas?


Comments

  • Registered Users Posts: 194 ✭✭daffy_duc


    The input chain is for traffic going to the device itself. It won't match any traffic passing through the device.
    Use the forward chain for traffic being forwarded.


  • Registered Users Posts: 931 ✭✭✭lotas


    Yeah, I meant to update this... I updated the config to the following:
    [admin@MikroTik] /ipv6 firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Allow established connections
         chain=input action=accept connection-state=established 
    
     1   ;;; Allow related connections
         chain=input action=accept connection-state=related 
    
     2   ;;; Allow limited ICMP
         chain=input action=accept protocol=icmpv6 limit=50/5s,5 
    
     3   ;;; Allow UDP
         chain=input action=accept protocol=udp 
    
     4   chain=input action=drop 
    
     5   ;;; Allow any to internet
         chain=forward action=accept out-interface=sit1 
    
     6   ;;; Allow established connections
         chain=forward action=accept connection-state=established 
    
     7   ;;; Allow related connections
         chain=forward action=accept connection-state=related 
    
     8   chain=forward action=drop 
    

    sit1 is the tunnel to the Tunnel Broker...
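
Added example (not part of the original thread, and not MikroTik code): a simplified first-match model of the two rule sets posted above, showing which chain each packet is evaluated in and which rule decides it. The sample packets, the `router` label and the `bridge` interface name are constructed assumptions; rate limits are not modelled.

```python
# Added example: simplified first-match model of the IPv6 filter rules quoted
# in this thread. Rate limits (limit=50/5s,5) are not modelled.
ROUTER = "router"  # constructed label: any address owned by the router itself

def rule(chain, action, **match):
    return dict(chain=chain, action=action, **match)

def chain_for(pkt):
    # Traffic addressed to the router hits "input"; routed traffic hits "forward".
    return "input" if pkt["dst"] == ROUTER else "forward"

def evaluate(rules, pkt):
    """Return (action, rule number) of the first matching rule."""
    chain = chain_for(pkt)
    for num, r in enumerate(rules):
        if r["chain"] != chain:
            continue
        conds = {k: v for k, v in r.items() if k not in ("chain", "action")}
        if all(pkt.get(k) == v for k, v in conds.items()):
            return r["action"], num
    return "accept", None  # nothing matched: the filter's default is accept

# First post's rules (input chain only), using sit1 as the poster later tried.
FIRST = [
    rule("input", "accept", state="established", in_if="sit1"),
    rule("input", "accept", state="related", in_if="sit1"),
    rule("input", "drop", state="invalid", in_if="sit1"),
    rule("input", "drop", in_if="sit1"),
]
# Updated rules 0-8 from the last post.
SECOND = [
    rule("input", "accept", state="established"),
    rule("input", "accept", state="related"),
    rule("input", "accept", proto="icmpv6"),
    rule("input", "accept", proto="udp"),
    rule("input", "drop"),
    rule("forward", "accept", out_if="sit1"),
    rule("forward", "accept", state="established"),
    rule("forward", "accept", state="related"),
    rule("forward", "drop"),
]
# Constructed sample packets; "bridge" is a hypothetical LAN interface name.
IN_NEW = dict(dst="lan-host", in_if="sit1", out_if="bridge", state="new", proto="tcp")
IN_REPLY = dict(IN_NEW, state="established")
OUT_NEW = dict(dst="internet", in_if="bridge", out_if="sit1", state="new", proto="tcp")
UDP_TO_ROUTER = dict(dst=ROUTER, in_if="sit1", state="new", proto="udp")

if __name__ == "__main__":
    for name, rs in (("first", FIRST), ("second", SECOND)):
        for pkt in (IN_NEW, IN_REPLY, OUT_NEW, UDP_TO_ROUTER):
            print(name, pkt["dst"], pkt["state"], pkt["proto"], evaluate(rs, pkt))
```

With the first rule set, a new inbound connection to a LAN host is never seen by any rule and falls through to the default accept, which is why the counters stay at zero; with the updated set it is dropped by rule 8. Rule 3 of the updated set still accepts any UDP packet addressed to the router itself, which is worth narrowing to the ports actually needed.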

