I've just ditched our constantly freezing TP-link router and replaced it with a Mikrotik RB951G-2HnD, connected on eth1 to a Draytek Vigor 120 ADSL modem running in PPPoE passthrough mode.

Everything seems to be working smoothly (and with much stronger wifi signal too), but I'm not quite sure whether I've set up the firewall rules correctly. The PPPoE client is running on the eth1 interface, and I've changed the default firewall rules in-interface from "eth1" to "pppoe-out1". Is this correct, or should the rules be on eth1? Any other criticisms gratefully accepted too - I'm new to the networking side of things, and it's interesting to learn, but the Mikrotik certainly exposes a scary number of options.

Current settings are below (hopefully with all the passwords removed). The Draytek modem is at 192.168.1.1, and I've managed to set things up so that I can still log in to it at that address, although I may have done that in a less than perfect way too...

/interface bridge
add admin-mac=xxxxxxxxxxxxx auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    use-peer-dns=yes user=user@xtra.co.nz
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name="WLAN profile" supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="new zealand" \
    disabled=no distance=indoors frequency-mode=regulatory-domain mode=\
    ap-bridge security-profile="WLAN profile" ssid=test \
    wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=2h name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
    192.168.88.0
add address=192.168.1.0 interface=ether1 network=192.168.1.1
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="defconf: accept ICMP" protocol=icmp
add chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=pppoe-out1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=pppoe-out1
add action=masquerade chain=srcnat dst-address=192.168.1.0/24 out-interface=\
    ether1
/ip service
set telnet disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Pacific/Auckland
/system clock manual
set time-zone=+12:00
/system leds
set 0 interface=wlan1
/system routerboard settings
set init-delay=0s protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge