Community discussions

MikroTik App
 
demandzm
just joined
Topic Author
Posts: 1
Joined: Sat Jan 21, 2023 6:06 am

IPV6 cant access internet from LAN

Sat Jan 21, 2023 7:02 am

I have never had IPV6 available to me until now so I have no idea what I am doing. I spent the last 2 weeks pulling my hair out trying to get this to work.
I have an ip address from my isp and I can ping ipv6 addresses from my router terminal.
All of my PCs are showing ipv6 addresses for the device, gateway, and dns, However I cannot access the internet from anything but the router.
Here is my configuration. I'm sure it is fubar by now since I resorted to changing settings to so what would happen.
# jan/20/2023 22:19:08 by RouterOS 7.7
# software id = F1JR-RDI5
#
# model = RB750Gr3
# serial number = 8B000BFEEF5D
/ipv6 dhcp-server
add address-pool=pool1 interface=bridge name=v6server
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=pool1 request=prefix
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMPv6" disabled=yes protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" disabled=yes port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." disabled=yes dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" disabled=yes src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" disabled=yes hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" disabled=yes protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" disabled=yes protocol=139
add action=accept chain=forward comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" disabled=yes in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] hop-limit=64 ra-interval=20s-1m
add hop-limit=64 interface=bridge managed-address-configuration=yes other-configuration=yes
/ipv6 nd prefix
add autonomous=no interface=bridge
/ipv6 route
add disabled=no dst-address=ether1 gateway=bridge routing-table=main
add disabled=no dst-address=bridge gateway=ether1 routing-table=main
add disabled=no dst-address=ether1 gateway=bridge routing-table=main
add disabled=no dst-address=ether1 gateway=bridge routing-table=main
/ipv6 settings
set accept-router-advertisements=yes max-neighbor-entries=8192

Who is online

Users browsing this forum: No registered users and 41 guests