RouterOS7(.4) – KPN IPv6 Configuration (no IPTV)

I assume you already have IPv4 working through a PPPoE client.

I use a WAN and a LAN interface list. Make sure the correct interfaces are present in your WAN and LAN interface lists.

The bridge on which the LAN (IPv6) traffic is delivered is called "bridge-local".

My PPPoE client for KPN is called "KPN"; this name is also used as the interface name in the rest of the script.

The DNS servers offered by KPN are not used; if you do want to use them, set "use-peer-dns" to yes instead of no.

Make sure "use-ipv6=yes" is set on your PPPoE/PPP profile, or at least that it is not set to "use-ipv6=no".

/ipv6 pool

/ipv6 address
add address=::1 from-pool=0 interface=bridge-local

/ipv6 dhcp-client
add interface=KPN pool-name=0 pool-prefix-length=48 request=prefix use-peer-dns=no

/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6

/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=input connection-state=established in-interface=KPN
add action=accept chain=input connection-state=related in-interface=KPN
add action=accept chain=input in-interface=KPN protocol=icmpv6
add action=accept chain=input comment="DHCPv6 for public addresses" dst-address=fe80::/64 dst-port=546 in-interface=KPN log-prefix=DHCPv6 protocol=udp
add action=accept chain=input in-interface=KPN protocol=icmpv6
add action=accept chain=forward in-interface=KPN protocol=icmpv6
add action=reject chain=input in-interface=KPN reject-with=icmp-port-unreachable
add action=accept chain=forward connection-state=related in-interface=KPN
add action=accept chain=forward connection-state=established in-interface=KPN
add action=reject chain=forward in-interface=KPN reject-with=icmp-no-route

/ipv6 nd
set [ find default=yes ] advertise-dns=no disabled=yes
add advertise-dns=no advertise-mac-address=no hop-limit=64 interface=bridge-local managed-address-configuration=yes other-configuration=yes ra-interval=20s-1m

/ipv6 nd prefix
add autonomous=no interface=bridge-local

/ipv6 settings
set max-neighbor-entries=8192
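
An added example, not part of the original post: a Python check that walks an /ipv6 firewall filter export in rule order and reports rules that can never match because an earlier rule in the same chain, matching only on in-interface-list=!LAN, already terminates that traffic. The function names and the LAN list membership (bridge-local only, KPN in WAN) are assumptions; the sample rules are a subset of the ones above.

```python
import shlex

# Constructed sample: a subset of the page's /ipv6 firewall filter rules, same order.
RULES = '''
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=input connection-state=established in-interface=KPN
add action=reject chain=input in-interface=KPN reject-with=icmp-port-unreachable
add action=reject chain=forward in-interface=KPN reject-with=icmp-no-route
'''

# Properties that do not restrict which packets a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix", "reject-with"}
TERMINATING = {"accept", "drop", "reject"}

def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, keeping rule order."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)          # handles quoted comment="..."
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def shadowed_rules(rules, lists):
    """Return (rule_index, shadowing_index) pairs for rules that can never match."""
    catch_all = {}                          # chain -> (index, interface-list name)
    findings = []
    for i, rule in enumerate(rules):
        chain = rule.get("chain")
        if chain in catch_all:
            j, list_name = catch_all[chain]
            iface = rule.get("in-interface")
            # Only traffic from list members gets past rule j.
            if iface and iface not in lists.get(list_name, {iface}):
                findings.append((i, j))
            continue
        matchers = {k: v for k, v in rule.items() if k not in NON_MATCHERS}
        negated = matchers.get("in-interface-list", "")
        if (rule.get("action") in TERMINATING and len(matchers) == 1
                and negated.startswith("!")):
            catch_all[chain] = (i, negated[1:])
    return findings

if __name__ == "__main__":
    # Assumption: the LAN list contains only bridge-local; KPN is in WAN.
    for i, j in shadowed_rules(parse_rules(RULES), {"LAN": {"bridge-local"}}):
        print(f"rule {i} is unreachable: rule {j} already ends !LAN traffic")
```

With KPN outside the LAN list, the in-interface=KPN rules that follow the "drop everything else not coming from LAN" rules are reported, so anything they were meant to allow or reject has to be placed above that drop to take effect.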
