I recently replaced my CHR with a Unifi UXG Max, but I’m experiencing significant PPPoE performance issues. The UXG Max uses all 4 cores and only achieves a download speed of 750Mbps. I plan to have the Mikrotik handle PPPoE in front of the Unifi UXG, with the UXG’s WAN set to DHCP.
The network topology will be as follows: FOM => Mikrotik CHR (192.168.88.1) => Unifi UXG (DHCP client on WAN 192.168.88.2 / LAN bridge 192.168.1.1) => Other devices (192.168.1.0/24)
To ensure UPnP and port forwarding function correctly on the Unifi UXG as if it were the sole router, what configurations are needed on the Mikrotik CHR? Additionally, what specific filter rules should I implement on the Mikrotik CHR to maintain the security of my home network?
Perhaps: configure CHR with firewall rules (and SRC NAT rule) according to defaults for SoHo MT devices (they were posted a few times in the last year or two in some posts on this forum, use your favourite search engine to find them). Those defaults generally offer a decent base for customization …
Then add a DST NAT rule which will forward all ports to your “secondary router”. Just make sure your DST NAT rule will be selective enough (as to source of packets) so that you’ll still be able to create management connections … whichever means of management you want to use. Beware that default setup means that all forwarded ports are open for the entire internet and if you forward all ports to the “secondary router”, then you’ll “forward” also responsibility for security.
You may have to tweak/add NAT rules if you’ll try to access services at public IP address from within your LAN (hairpin NAT).
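A sketch of the setup described in the reply above, added here as an example and not taken from either post: a SoHo-default-style filter set on the CHR plus one DST NAT rule limited to WAN-side packets. The interface names `pppoe-out1` (PPPoE client) and `ether2` (port facing the UXG) are assumptions; the addresses come from the topology in the question.

```routeros
# Assumed names: pppoe-out1 = PPPoE client on the CHR, ether2 = port facing the UXG WAN.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=pppoe-out1
add list=LAN interface=ether2

/ip firewall filter
# input chain: traffic addressed to the CHR itself
add chain=input action=accept connection-state=established,related,untracked
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
add chain=input action=drop in-interface-list=!LAN comment="management only from the LAN side"
# forward chain: traffic passing through towards the UXG
add chain=forward action=fasttrack-connection connection-state=established,related
add chain=forward action=accept connection-state=established,related,untracked
add chain=forward action=drop connection-state=invalid
# new connections from WAN are allowed only if a dstnat rule matched them
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN
# Matching only on the WAN list leaves LAN-side management sessions to 192.168.88.1 untouched
add chain=dstnat action=dst-nat in-interface-list=WAN to-addresses=192.168.88.2
```

With this in place every new inbound connection on the PPPoE interface is handed to 192.168.88.2, so the UXG's own firewall and port-forward table decide what is actually reachable from the internet.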