[MikroTik] KPN fiber routed IPTV veel zenders werken niet

# dec/14/2019 19:43:21 by RouterOS 6.46
# software id = knip
#
# model = RouterBOARD 750G r3
# serial number = knip

/interface bridge
add admin-mac=6C:3B:6B:C2:3B:88 auto-mac=no igmp-snooping=yes name=bridge

/interface ethernet
set [ find default-name=ether1 ] name=ether1_gateway

/interface vlan
add comment="IPTV VLAN" interface=ether1_gateway name=vlan4 vlan-id=4
add comment="Internet VLAN" interface=ether1_gateway name=vlan6 vlan-id=6

/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan6 keepalive-timeout=disabled name=pppoe-out1 use-peer-dns=yes user=knip@internet

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5

/ip neighbor discovery-settings
set discover-interface-list=LAN

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1_gateway list=WAN

/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0

/ip dhcp-client
add add-default-route=no comment=defconf interface=ether1_gateway
add add-default-route=special-classless default-route-distance=210 dhcp-options=option60-vendorclass,hostname,clientid disabled=no interface=vlan4 use-peer-dns=no

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked 
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="IPTV multicast" dst-address=224.0.0.0/8 in-interface=vlan4 protocol=udp
add action=accept chain=input comment="IPTV multicast" dst-address=224.0.0.0/8 in-interface=vlan4 protocol=igmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked 
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=vlan4

/routing igmp-proxy interface
add interface=bridge
add alternative-subnets=10.0.0.0/8,217.166.0.0/16,213.75.0.0/16 interface=vlan4 upstream=yes

/system clock
set time-zone-name=Europe/Amsterdam

/tool mac-server
set allowed-interface-list=LAN

/tool mac-server mac-winbox
set allowed-interface-list=LAN