Difference between revisions of "How to Connect your Home Network to xDSL Line"

From MikroTik Wiki
Jump to: navigation, search
m
Line 45: Line 45:
 
  add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"  
 
  add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"  
 
  add chain=input protocol=icmp action=drop comment="Drop excess pings"  
 
  add chain=input protocol=icmp action=drop comment="Drop excess pings"  
  add chain=input src-address=192.168.0.0/24 comment="From our LAN"
+
  add chain=input in-interface=ether2 src-address=192.168.0.0/24 comment="From our LAN"
 
  add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
 
  add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
 
  add chain=input action=drop comment="Drop everything else"
 
  add chain=input action=drop comment="Drop everything else"

Revision as of 09:59, 20 September 2007

You have your Home DSL modem installed, and want to have a secure connection to the Internet for your home network. For that, you have to install MikroTik router between the DSL modem and your home network:

Adsl.jpg

Follow the steps below to connect your home network to xDSL line:

  • Make your MikroTik router with two Ethernet NICs, one for the Home DSL modem, one for your home network. See instructions in the Basic Setup Guide!
  • When installing, make sure you install the dhcp software package, if your xDSL service provider uses DHCP to hand out IP configuration, and ppp package, if your service provider uses PPPoE for authentication and IP configuration.
  • Make sure both interfaces are enabled, for example:
/interface enable ether1,ether2
  • If your service provider uses DHCP for IP configuration, add DHCP client on the external (xDSL) interface to receive IP configuration form your service provider:
/ip dhcp-client add interface=ether1 disabled=no
  • Check, if you have received IP configuration using print detail, for example:
[admin@MikroTik] ip dhcp-client> print detail     
Flags: X - disabled, I - invalid 
 0   interface=eth1-adsl add-default-route=yes use-peer-dns=yes 
     use-peer-ntp=yes status=bound address=81.198.55.240/22 
     gateway=81.198.52.1 dhcp-server=81.198.232.1 primary-dns=80.232.169.11 
     secondary-dns=195.122.1.59 expires-after=5h5m46s 
  • If your service provider uses PPPoE for authentication and IP configuration, add PPPoE client to dial out to the service providers PPPoE server and receive IP configuration:
/ interface pppoe-client 
add interface=ether1 user="mtrouter@adsl.com" password="bunny" \
add-default-route=yes use-peer-dns=yes disabled=no
  • Check if you have received IP configuration:
[admin@MikroTik] interface pppoe-client> monitor pppoe-out1 
        status: "connected"
        uptime: 1m17s
     idle-time: 0s
      encoding: "MPPE128 stateless"
  service-name: "home_dsl"
       ac-name: "Telco_DSL"
        ac-mac: 00:0C:42:05:03:99
           mtu: 1480
           mru: 1480
  • Add your private network address to ether2 interface, for example:
/ip address add address=192.168.0.1/24 interface=ether2
  • Configure masquerading for your local network:
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
  • Configure firewall to protect your router:
/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" 
add chain=input protocol=udp action=accept comment="UDP" disabled=no 
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings" 
add chain=input protocol=icmp action=drop comment="Drop excess pings" 
add chain=input in-interface=ether2 src-address=192.168.0.0/24 comment="From our LAN"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
  • (Optional) Run DHCP Setup to configure DHCP server to hand out IP configuration on your home network:
/ip dhcp-server setup
  • (Optional) Enable local DNS cache to be used when resolving DNS requests from home computers:
/ip dns set allow-remote-requests=yes

That's it! You can access the Internet from your home network!