Difference between revisions of "How to Connect your Home Network to xDSL Line"

From MikroTik Wiki
Jump to: navigation, search
 
m (Protected "How to Connect your Home Network to xDSL Line": will be in manual [edit=sysop:move=sysop])
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
You have your Home DSL modem installed, and want to have a secure connection to the Internet for your home network. For that, you have to install MikroTik router between the DSL modem and your home network:
 
You have your Home DSL modem installed, and want to have a secure connection to the Internet for your home network. For that, you have to install MikroTik router between the DSL modem and your home network:
 +
 +
[[Image:Adsl.jpg]]
  
 
Follow the steps below to connect your home network to xDSL line:
 
Follow the steps below to connect your home network to xDSL line:
  
 
* Make your MikroTik router with two Ethernet NICs, one for the Home DSL modem, one for your home network. See instructions in the Basic Setup Guide!
 
* Make your MikroTik router with two Ethernet NICs, one for the Home DSL modem, one for your home network. See instructions in the Basic Setup Guide!
* When installing, make sure you install the dhcp software package, if your xDSL service provider uses DHCP to hand out IP configuration.
+
* When installing, make sure you install the dhcp software package, if your xDSL service provider uses DHCP to hand out IP configuration, and ppp package, if your service provider uses PPPoE for authentication and IP configuration.
 
* Make sure both interfaces are enabled, for example:
 
* Make sure both interfaces are enabled, for example:
 
  /interface enable ether1,ether2
 
  /interface enable ether1,ether2
* Add DHCP client on the external (xDSL) interface to receive IP configuration form your service provider:
+
* If your service provider uses DHCP for IP configuration, add DHCP client on the external (xDSL) interface to receive IP configuration form your service provider:
 
  /ip dhcp-client add interface=ether1 disabled=no
 
  /ip dhcp-client add interface=ether1 disabled=no
 
* Check, if you have received IP configuration using '''print detail''', for example:
 
* Check, if you have received IP configuration using '''print detail''', for example:
Line 16: Line 18:
 
       gateway=81.198.52.1 dhcp-server=81.198.232.1 primary-dns=80.232.169.11  
 
       gateway=81.198.52.1 dhcp-server=81.198.232.1 primary-dns=80.232.169.11  
 
       secondary-dns=195.122.1.59 expires-after=5h5m46s  
 
       secondary-dns=195.122.1.59 expires-after=5h5m46s  
 +
* If your service provider uses PPPoE for authentication and IP configuration, add PPPoE client to dial out to the service providers PPPoE server and receive IP configuration:
 +
/ interface pppoe-client
 +
add interface=ether1 user="mtrouter@adsl.com" password="bunny" \
 +
add-default-route=yes use-peer-dns=yes disabled=no
 +
* Check if you have received IP configuration:
 +
[admin@MikroTik] interface pppoe-client> monitor pppoe-out1
 +
        status: "connected"
 +
        uptime: 1m17s
 +
      idle-time: 0s
 +
      encoding: "MPPE128 stateless"
 +
  service-name: "home_dsl"
 +
        ac-name: "Telco_DSL"
 +
        ac-mac: 00:0C:42:05:03:99
 +
            mtu: 1480
 +
            mru: 1480
 
* Add your private network address to ether2 interface, for example:
 
* Add your private network address to ether2 interface, for example:
 
  /ip address add address=192.168.0.1/24 interface=ether2
 
  /ip address add address=192.168.0.1/24 interface=ether2
Line 21: Line 38:
 
  /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
 
  /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
 
* Configure firewall to protect your router:
 
* Configure firewall to protect your router:
  /
+
  / ip firewall filter
 +
add chain=input connection-state=established comment="Accept established connections"
 +
add chain=input connection-state=related comment="Accept related connections"
 +
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
 +
add chain=input protocol=udp action=accept comment="UDP" disabled=no
 +
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
 +
add chain=input protocol=icmp action=drop comment="Drop excess pings"
 +
add chain=input in-interface=ether2 src-address=192.168.0.0/24 comment="From our LAN" action=accept
 +
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
 +
add chain=input action=drop comment="Drop everything else"
 
* (Optional) Run DHCP Setup to configure DHCP server to hand out IP configuration on your home network:
 
* (Optional) Run DHCP Setup to configure DHCP server to hand out IP configuration on your home network:
 
  /ip dhcp-server setup
 
  /ip dhcp-server setup
 +
* (Optional) Enable local DNS cache to be used when resolving DNS requests from home computers:
 +
/ip dns set allow-remote-requests=yes
 +
That's it! You can access the Internet from your home network!

Latest revision as of 10:57, 19 February 2008

You have your Home DSL modem installed, and want to have a secure connection to the Internet for your home network. For that, you have to install MikroTik router between the DSL modem and your home network:

Adsl.jpg

Follow the steps below to connect your home network to xDSL line:

  • Make your MikroTik router with two Ethernet NICs, one for the Home DSL modem, one for your home network. See instructions in the Basic Setup Guide!
  • When installing, make sure you install the dhcp software package, if your xDSL service provider uses DHCP to hand out IP configuration, and ppp package, if your service provider uses PPPoE for authentication and IP configuration.
  • Make sure both interfaces are enabled, for example:
/interface enable ether1,ether2
  • If your service provider uses DHCP for IP configuration, add DHCP client on the external (xDSL) interface to receive IP configuration form your service provider:
/ip dhcp-client add interface=ether1 disabled=no
  • Check, if you have received IP configuration using print detail, for example:
[admin@MikroTik] ip dhcp-client> print detail     
Flags: X - disabled, I - invalid 
 0   interface=eth1-adsl add-default-route=yes use-peer-dns=yes 
     use-peer-ntp=yes status=bound address=81.198.55.240/22 
     gateway=81.198.52.1 dhcp-server=81.198.232.1 primary-dns=80.232.169.11 
     secondary-dns=195.122.1.59 expires-after=5h5m46s 
  • If your service provider uses PPPoE for authentication and IP configuration, add PPPoE client to dial out to the service providers PPPoE server and receive IP configuration:
/ interface pppoe-client 
add interface=ether1 user="mtrouter@adsl.com" password="bunny" \
add-default-route=yes use-peer-dns=yes disabled=no
  • Check if you have received IP configuration:
[admin@MikroTik] interface pppoe-client> monitor pppoe-out1 
        status: "connected"
        uptime: 1m17s
     idle-time: 0s
      encoding: "MPPE128 stateless"
  service-name: "home_dsl"
       ac-name: "Telco_DSL"
        ac-mac: 00:0C:42:05:03:99
           mtu: 1480
           mru: 1480
  • Add your private network address to ether2 interface, for example:
/ip address add address=192.168.0.1/24 interface=ether2
  • Configure masquerading for your local network:
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
  • Configure firewall to protect your router:
/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" 
add chain=input protocol=udp action=accept comment="UDP" disabled=no 
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings" 
add chain=input protocol=icmp action=drop comment="Drop excess pings" 
add chain=input in-interface=ether2 src-address=192.168.0.0/24 comment="From our LAN" action=accept
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
  • (Optional) Run DHCP Setup to configure DHCP server to hand out IP configuration on your home network:
/ip dhcp-server setup
  • (Optional) Enable local DNS cache to be used when resolving DNS requests from home computers:
/ip dns set allow-remote-requests=yes

That's it! You can access the Internet from your home network!