I have managed to get an IPv6 connection with a /56 prefix. Connection is working fine. However, with legacy v4 using srcnat masquerading, I cannot reach v4 only sites on WAN.
I have a Vigor 167 in front of my MT and the Vigor is doing VLAN7 tagging to be able to do pppoe via MT (Deutsche Telekom).
Please find below my current (minimal) config:
Code: Select all
[admin@MikroTik] /ip/firewall/filter> /export hide-sensitive
# nov/29/2022 13:03:06 by RouterOS 7.7beta8
# software id = FTRU-GQLV
#
# model = CRS328-24P-4S+
# serial number = XXXXXXXX
/interface bridge
add admin-mac=18:FD:74:98:E9:2D auto-mac=no comment=defconf name=bridge
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool1 ranges=192.168.42.20-192.168.42.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge name=dhcp1
/port
set 0 name=serial0
/interface pppoe-client
add add-default-route=yes allow=pap,chap,mschap2 disabled=no interface=ether1 name=pppoe-out1 profile=\
default-encryption use-peer-dns=yes user=0021772367855511360109900001@t-online.de
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
/interface bridge settings
set use-ip-firewall-for-pppoe=yes
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.42.1/24 interface=bridge network=192.168.42.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.42.0/24 gateway=192.168.42.1 netmask=24
/ip firewall filter
add chain=input comment="Accept established and related packets" connection-state=established,related
add action=accept chain=input comment="Accept all connections from local network" in-interface-list=LAN
add action=accept chain=forward connection-nat-state=dstnat connection-state=established,related \
in-interface-list=WAN
add action=accept chain=forward comment="accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log-prefix=Invalid-
add action=drop chain=output comment="drop invalid" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat dst-address=!192.168.42.0/24 out-interface-list=WAN src-address=\
192.168.42.0/24 to-addresses=0.0.0.0/0
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ipv6 address
add from-pool=telekom-pool interface=bridge
/ipv6 dhcp-client
add add-default-route=yes interface=pppoe-out1 pool-name=telekom-pool pool-prefix-length=56 request=prefix
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set boot-os=router-os
Thanks and BR
Patrick