You have your DSL modem installed, and want to have a secure connection to the Internet for your network. For that, you have to install MikroTik router between the DSL modem and your network:
Follow the steps below to connect your network to DSL line:
- Make your MikroTik router with two Ethernet NICs, one for the DSL modem, one for your network.
- When installing, make sure you install the dhcp software package, if your xDSL service provider uses DHCP to hand out IP configuration, and ppp package, if your service provider uses PPPoE for authentication and IP configuration.
- Make sure both interfaces are enabled, for example:
/interface enable ether1,ether2
- If your service provider uses DHCP for IP configuration, add DHCP client on the external (xDSL) interface to receive IP configuration form your service provider:
/ip dhcp-client add interface=ether1 disabled=no
- Check, if you have received IP configuration using print detail, for example:
[admin@MikroTik] ip dhcp-client> print detail Flags: X - disabled, I - invalid 0 interface=eth1-adsl add-default-route=yes use-peer-dns=yes use-peer-ntp=yes status=bound address=126.96.36.199/22 gateway=188.8.131.52 dhcp-server=184.108.40.206 primary-dns=220.127.116.11 secondary-dns=18.104.22.168 expires-after=5h5m46s
- If your service provider uses PPPoE for authentication and IP configuration, add PPPoE client to dial out to the service providers PPPoE server and receive IP configuration:
/ interface pppoe-client add interface=ether1 user="firstname.lastname@example.org" password="bunny" \ add-default-route=yes use-peer-dns=yes disabled=no
- Check if you have received IP configuration:
[admin@MikroTik] interface pppoe-client> monitor pppoe-out1 status: "connected" uptime: 1m17s idle-time: 0s encoding: "MPPE128 stateless" service-name: "home_dsl" ac-name: "Telco_DSL" ac-mac: 00:0C:42:05:03:99 mtu: 1480 mru: 1480
- Add your private network address to ether2 interface, for example:
/ip address add address=192.168.0.1/24 interface=ether2
- Configure masquerading for your local network:
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=masquerade
- Configure firewall to protect your router:
/ ip firewall filter add chain=input connection-state=established comment="Accept established connections" add chain=input connection-state=related comment="Accept related connections" add chain=input connection-state=invalid action=drop comment="Drop invalid connections" add chain=input protocol=udp action=accept comment="UDP" disabled=no add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings" add chain=input protocol=icmp action=drop comment="Drop excess pings" add chain=input in-interface=ether2 src-address=192.168.0.0/24 comment="From our LAN" action=accept add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" add chain=input action=drop comment="Drop everything else"
- (Optional) Run DHCP Setup to configure DHCP server to hand out IP configuration on your home network:
/ip dhcp-server setup
- (Optional) Enable local DNS cache to be used when resolving DNS requests from home computers:
/ip dns set allow-remote-requests=yesThat's it! You can access the Internet from your network!