MikroTik RouterOS and IPv6

  • 19-12-2012 06:14PM
    #1
    Registered Users, Registered Users 2 Posts: 948 ✭✭✭


    Morning all.

    Just set up an IPv6 network in the house (my findings have been posted here: http://tiernanotoole.ie/2012/12/19/ipv6_%2B_mikrotik_%2B_linux_%2B_windows.html). Anyway, I am now confused as to what I should be setting in the firewall rules... I have the following:
    [admin@MikroTik] /ipv6 firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic 
     0   chain=input action=accept connection-state=established in-interface=WAN1 
    
     1   chain=input action=accept connection-state=related in-interface=WAN1 
    
     2   chain=input action=drop connection-state=invalid in-interface=WAN1 
    
     3   chain=input action=drop in-interface=WAN1 
    [admin@MikroTik] /ipv6 firewall filter> 
    
    

    but the counters are not incrementing... I have changed WAN1 to sit1 (which is the HE Tunnel Broker tunnel) but still no luck... Any ideas? Anyone set up an IPv6 network yet? IPv6 is working alright, I can see ipv6.google.com, passing all the tests, etc., but I am now worried that any machine on the network with IPv6 enabled is now available publicly... Any ideas?


Comments

  • Registered Users, Registered Users 2 Posts: 194 ✭✭daffy_duc


    The input chain is for traffic going to the device itself. It won't match any traffic passing through the device.
    Use the forward chain for traffic being forwarded.


  • Registered Users, Registered Users 2 Posts: 948 ✭✭✭lotas


    Yeah, I meant to update this... I updated the config to the following:
    [admin@MikroTik] /ipv6 firewall filter> print
    Flags: X - disabled, I - invalid, D - dynamic 
     0   ;;; Allow established connections
         chain=input action=accept connection-state=established 
    
     1   ;;; Allow related connections
         chain=input action=accept connection-state=related 
    
     2   ;;; Allow limited ICMP
         chain=input action=accept protocol=icmpv6 limit=50/5s,5 
    
     3   ;;; Allow UDP
         chain=input action=accept protocol=udp 
    
     4   chain=input action=drop 
    
     5   ;;; Allow any to internet
         chain=forward action=accept out-interface=sit1 
    
     6   ;;; Allow established connections
         chain=forward action=accept connection-state=established 
    
     7   ;;; Allow related connections
         chain=forward action=accept connection-state=related 
    
     8   chain=forward action=drop 
    

    sit1 is the tunnel to the Tunnel Broker...
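
The input-versus-forward point from this thread, as an added example (not code from any poster here): a Python check that parses `/ipv6 firewall filter print` output and reports whether routed traffic to LAN hosts is filtered at all. It relies on RouterOS accepting packets that no rule in a chain matches; the function names `parse_rules` and `audit_forward` are hypothetical.

```python
import re

RULE_START = re.compile(r"^\s*(\d+)\s+(?:([XID]+)\s+)?(.*)$")

# Sample inputs excerpted from the two printouts in this thread.
INPUT_ONLY = """\
 0   chain=input action=accept connection-state=established in-interface=WAN1
 1   chain=input action=accept connection-state=related in-interface=WAN1
 2   chain=input action=drop connection-state=invalid in-interface=WAN1
 3   chain=input action=drop in-interface=WAN1
"""
WITH_FORWARD = """\
 5   ;;; Allow any to internet
     chain=forward action=accept out-interface=sit1
 6   ;;; Allow established connections
     chain=forward action=accept connection-state=established
 7   ;;; Allow related connections
     chain=forward action=accept connection-state=related
 8   chain=forward action=drop
"""

def parse_rules(printout):
    """Turn `/ipv6 firewall filter print` text into a list of rule dicts."""
    rules = []
    for line in printout.splitlines():
        m = RULE_START.match(line)
        if m:  # a numbered line starts a new rule
            rules.append({"#": int(m.group(1)), "flags": m.group(2) or ""})
        body = m.group(3) if m else line.strip()
        if rules and not body.startswith(";;;"):  # skip headers and ;;; comments
            rules[-1].update(kv.split("=", 1) for kv in body.split() if "=" in kv)
    return rules

def audit_forward(printout):
    """List problems with how routed (forward-chain) traffic is filtered."""
    fwd = [r for r in parse_rules(printout)
           if r.get("chain") == "forward" and "X" not in r["flags"]]
    if not fwd:
        return ["no forward rules: routed traffic to LAN hosts is unfiltered"]
    # Unmatched packets are accepted, so look for a drop with no matchers at all.
    catch_all = [i for i, r in enumerate(fwd)
                 if r.get("action") == "drop" and not set(r) - {"#", "flags", "chain", "action"}]
    if not catch_all:
        return ["forward chain has no final unconditional drop"]
    return [f"rule {r['#']} is unreachable after the drop" for r in fwd[catch_all[0] + 1:]]

if __name__ == "__main__":
    for name, text in (("first post", INPUT_ONLY), ("updated", WITH_FORWARD)):
        print(name, "->", audit_forward(text) or "forward chain ends in a drop")
```

Disabled rules (flag `X`) are ignored, so a catch-all drop that has been switched off is reported as missing.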

