Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




4 posts

Wannabe Geek


# 261411 26-Nov-2019 12:08
Send private message quote this post

Good Day,

 

 

 

I would like to ask if someone could assist with a how to guide on how to setup your Mikrotik Modem to connect to Fibre.

 

 

 

Thanks


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
738 posts

Ultimate Geek


  # 2360901 26-Nov-2019 12:14
One person supports this post
Send private message quote this post

There is a general guide here




4 posts

Wannabe Geek


  # 2360904 26-Nov-2019 12:18
Send private message quote this post

Thanks will use this to set it up


 
 
 
 


115 posts

Master Geek


  # 2360918 26-Nov-2019 13:24
Send private message quote this post

what ISP are you with?

 

 




4 posts

Wannabe Geek


  # 2360919 26-Nov-2019 13:25
Send private message quote this post

Will be Voyager


738 posts

Ultimate Geek


  # 2360923 26-Nov-2019 13:42
Send private message quote this post

Cornelius16:

 

Will be Voyager

 

 

According to this list, Voyager requires VLAN 10 tagging with PPPOE




4 posts

Wannabe Geek


  # 2360932 26-Nov-2019 14:09
Send private message quote this post

Thanks


28571 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2361015 26-Nov-2019 16:54
2 people support this post
Send private message quote this post

Make sure you correctly firewall the PPPoE interface or you'll be the subject of a DNS amplification attack within minutes.

 

 


 
 
 
 


Linux Systems Admin
1144 posts

Uber Geek

Trusted
Integrity Tech Solutions
Subscriber

  # 2361210 26-Nov-2019 23:04
Send private message quote this post

sbiddle:

 

Make sure you correctly firewall the PPPoE interface or you'll be the subject of a DNS amplification attack within minutes.

 

 

 

 

Or turn DNS off.

 

Also make sure you set an admin password before connecting it to the internet otherwise you will be root'd in very short order.





Integrity Tech Solutions @ Norsewood, New Zealand


28571 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2361281 27-Nov-2019 07:15
2 people support this post
Send private message quote this post

MichaelNZ:

 

sbiddle:

 

Make sure you correctly firewall the PPPoE interface or you'll be the subject of a DNS amplification attack within minutes.

 

 

 

 

Or turn DNS off.

 

Also make sure you set an admin password before connecting it to the internet otherwise you will be root'd in very short order.

 

 

But you need a properly configured firewall regardless so turning DNS off is a just a dumb solution. I can't think of a single good reason why you wouldn't want to run a local DNS proxy for 99.9% of situations where it''s  being used a router.

 

And if you're not going to configure the firewall correctly for PPPoE it won't matter if you change the password or not because unless you're running the latest ROS updates the router can (and probably will eventually if it's sitting in the Internet exposed for long enough) be compromised regardless of what the password is.

 

At least with newer versions of ROS configuring a PPPoE firewall is a lot simpler because you just add the PPPoE interface to the WAN interface lists which means all the default rules will apply.

 

 


115 posts

Master Geek


  # 2361448 27-Nov-2019 11:42
Send private message quote this post

My Three Recommendations

 

* Update ROS (6.44.6)

 

* Once you have configured your router disable the MAC /tool mac-server 

 

* On your PPPoE (or WAN) have two firewall rules MINIMUM (1st an Input rule to allow established, related Traffic, 2nd input rule to drop everything else)

 

 

 

 

 

 

 

  

 

 

 

 


4323 posts

Uber Geek


  # 2361452 27-Nov-2019 11:46
Send private message quote this post

Why would you disable the MAC server? You're just making things hard for yourself!

 

And you need a hell of a lot more than just two firewall rules as a minimum. I'd say for a newbie, the default set is a good start.


115 posts

Master Geek


  # 2361456 27-Nov-2019 11:54
One person supports this post
Send private message quote this post

chevrolux:

 

Why would you disable the MAC server? You're just making things hard for yourself!

 

 

At least on the WAN ports

 

chevrolux:

 

And you need a hell of a lot more than just two firewall rules as a minimum. I'd say for a newbie, the default set is a good start.

 

 

Agreed, but this is a start 


'That VDSL Cat'
11507 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2361480 27-Nov-2019 12:41
Send private message quote this post

MichaelNZ:

 

sbiddle:

 

Make sure you correctly firewall the PPPoE interface or you'll be the subject of a DNS amplification attack within minutes.

 

 

 

 

Or turn DNS off.

 

Also make sure you set an admin password before connecting it to the internet otherwise you will be root'd in very short order.

 

 

damn Michael,

 

please dont tell me you push 8.8.8.8 through your whole network rather than using dns caches?





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


7195 posts

Uber Geek

Trusted
Subscriber

  # 2361488 27-Nov-2019 12:59
One person supports this post
Send private message quote this post

The firewall rules out of the box are fine for most domestic situations, just ensure you add the pppoe to the WAN address list and the issues relating to DNS attacks etc go away.

 

Cyril


28571 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2361538 27-Nov-2019 14:42
2 people support this post
Send private message quote this post

chevrolux:

 

Why would you disable the MAC server? You're just making things hard for yourself!

 

And you need a hell of a lot more than just two firewall rules as a minimum. I'd say for a newbie, the default set is a good start.

 

 

Unless people fully understand firewall rules there is no reason why you'd remove any of the default rules. Only having two input rules overlooks all the forward rules which exist by default for a very good reason.

 

At least it's much simpler to add a PPPoE client now with the address lists option. It used to require multiple changes historically. 


 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32


Vodafone 5G service live in four cities
Posted 10-Dec-2019 08:30


Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.