Skip to content

Instantly share code, notes, and snippets.

@AjkayAlan

AjkayAlan/MikrotikRB5009Setup.md

Last active September 26, 2024 00:50
Show Gist options
  • Save AjkayAlan/33ffb8c382868c984aa63403080562dc to your computer and use it in GitHub Desktop.
Save AjkayAlan/33ffb8c382868c984aa63403080562dc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
MikrotikRB5009Setup.md

Quickstart

  • Plug WAN into eth1, LAN into eth2
  • Boot up, go to 192.168.88.1. Login with default creds.
  • Webfig -> System -> Reset Configuration. Wait for the reboot.
    • This makes it so you get good IPv6 firewall rules by default
  • In Quick Set:
    • Ensure Port is Eth1
    • Ensure Address Acquisition is Automatic
    • Set IP Address to 192.168.1.1
    • Set DHCP Server Range to 192.168.1.50-192.168.1.254
    • Apply.
  • You may need to go to Webfig -> IP -> DHCP Server -> Networks, and correct the DNS server to match 192.168.1.1 (it may still advertise as 192.168.88.1)

DNS

Not a fan of my default DNS providers - I run a Pi with a DNS resolver anyway, so use that.

  • Webfig -> IP -> DNS, and set your DNS servers. Apply.
  • Webfig -> IP -> DHCP Client -> ether1 -> Uncheck "Use Peer DNS". Apply.

To force all other devices to use this as the DNS (note it won't prevent DNS over HTTPS):

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.10 protocol=udp src-address=!192.168.1.10 dst-address=!192.168.1.10 dst-port=53 in-interface=bridge
/ip firewall nat add chain=srcnat action=masquerade protocol=udp src-address=192.168.1.1/24 dst-address=192.168.1.10 dst-port=53

UPnP

Needed for Xbox, Nintendo Switch, etc. Yes I know its bad, I am too lazy to make them better via other means.

  • Webfig -> IP -> UPnP -> Interfaces -> Add New -> Enabled, bridge, Internal. OK
  • Webfig -> IP -> UPnP -> Interfaces -> Add New -> Enabled, ether1, External. OK
  • Webfig -> IP -> UPnP -> Enabled. Apply.

IPv6 - Correct way for Xfinity?

  • Webfig -> IPv6 -> Settings
    • Accept Router Advertisements: yes
  • Webfig -> IPv6 -> Firewall
  • Webfig -> IPv6 -> DHCP Client -> Add New
    • Interface: ether1
    • Request: prefix
    • Pool Name: delegation
    • Pool Prefix Length: 64
    • Prefix Hint: ::/0
    • Use Peer DNS: Unchecked
    • Add Default Route: Unchecked
  • Webfig -> IPv6 -> Addresses -> Add New
    • From Pool: delegation
    • Interface: bridge
    • Advertise: yes
    • Alternatively: /ipv6 address add address=::1 from-pool=delegation interface=bridge
  • Webfig -> IPv6 -> ND -> Default
    • Interface: Bridge
    • Advertise DNS: Unchecked

IPv6 - Not sure about this way...

If your ISP supports IPv6 - try getting a /56:

  • Webfig -> IPv6 -> DHCP Client -> Add New
    • Interface: ether1
    • Request: prefix
    • Pool Name: delegation
    • Pool Prefix Length: 60
    • Prefix Hint: ::/56
    • Use Peer DNS: Unchecked
    • Add Default Route: Checked
  • Webfig -> IPv6 -> Addresses -> Add New
    • From Pool: delegation
    • Interface: bridge
    • Alternatively: /ipv6 address add address=::1 from-pool=delegation interface=bridge
  • Webfig -> IPv6 -> ND -> Default
    • Interface: Bridge
    • Advertise DNS: Unchecked

RDP Dropping Fix

RDP connections to Windows Server 2012 seem to drop. You can fix by increasing the UDP timeout to 20s:

  • IP -> Firewall -> Connections -> Tracking -> UDP Timeout -> 00:00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment