Community discussions

MikroTik App
  4. RouterOS
  5. General

How to isolate the network?

Post Reply
 
dwz63
just joined
Topic Author
Posts: 7
Joined: Fri Sep 27, 2013 11:39 am
Location: Russia

How to isolate the network?

Fri Oct 11, 2013 11:51 am

Hi,
Previously, I had questions about VLAN and guest network. http://forum.mikrotik.com/viewtopic.php?f=7&t=77189
I did not understand how to properly isolate/separate/insulated guest network.
I decided to continue in this topic general questions about the routing and firewall ..

How to block access to the network2 (192.168.12.0/24) to other networks. To have access only to the Internet.
Code: Select all
            R2---R1---R3
        /                  \
 network1	              network1
network2                   network2
network1 - 192.168.11.0/24
network2 - 192.168.12.0/24

Router 1: RouterBOARD 750UP - R1
port1 - "WAN" 192.168.10.10/24
port2 - "LAN" 192.168.11.1/24
Ports 2-5 are combined bridge1.
vlan12(bridge1) - 192.168.12.1

Router 2: RouterBOARD 951G-2HnD - R2
wlan - "Wi-fi"
port1 - "WAN" 192.168.11.20/24
port2 - "LAN"
wlan2 - VirtualAP
vlan12(bridge1) - 192.168.12.10
Port1, port2 and wlan are combined bridge1.
vlan12, wlan2 are combined bridge2.

Router 3: RouterBOARD 951G-2HnD - R3
wlan - "Wi-fi"
port1 - "WAN" 192.168.11.30/24
port2 - "LAN"
wlan2 - VirtualAP
vlan12(bridge1) - 192.168.12.20
Port1, port2 and wlan are combined bridge1.
vlan12, wlan2 are combined bridge2.
Top
 
samsung172
Forum Guru
Forum Guru
Posts: 1191
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:
Contact samsung172

Re: How to isolate the network?

Sat Oct 12, 2013 12:06 am

just make a firewall rule. make a address list, lets say called "private" and have your private address in this. Add a drop rule, if dst address is in private list. Also possible to have a. Its also possible to have more complex setup, routing rules etc.
Top
 
dwz63
just joined
Topic Author
Posts: 7
Joined: Fri Sep 27, 2013 11:39 am
Location: Russia

Re: How to isolate the network?

Mon Oct 14, 2013 12:54 pm

just make a firewall rule.
Hi,
Thanks for the help.
I configured a firewall and blocked all private network to guest network (inbound and outbound traffic).
Terminal: /ip firewall filter print
Code: Select all
 0   chain=forward action=drop src-address-list=net12 dst-address-list=private_IPv4 
 1   chain=forward action=drop src-address-list=private_IPv4 dst-address-list=net12
Terminal: /ip firewall address-list print
Code: Select all
 
#   LIST		ADDRESS                        
 0   private_IPv4	10.0.0.0/8                     
 1   private_IPv4	172.16.0.0/12                  
 2   private_IPv4	192.168.0.0/16                 
 3   net12		192.168.12.0/24
All right? Is that enough?
Top
 
samsung172
Forum Guru
Forum Guru
Posts: 1191
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:
Contact samsung172

Re: How to isolate the network?

Tue Oct 15, 2013 1:27 am

just make a firewall rule.
Hi,
Thanks for the help.
I configured a firewall and blocked all private network to guest network (inbound and outbound traffic).
Terminal: /ip firewall filter print
Code: Select all
 0   chain=forward action=drop src-address-list=net12 dst-address-list=private_IPv4 
 1   chain=forward action=drop src-address-list=private_IPv4 dst-address-list=net12
Terminal: /ip firewall address-list print
Code: Select all
 
#   LIST		ADDRESS                        
 0   private_IPv4	10.0.0.0/8                     
 1   private_IPv4	172.16.0.0/12                  
 2   private_IPv4	192.168.0.0/16                 
 3   net12		192.168.12.0/24
All right? Is that enough?

Without me reading it all once agane, and doble check, YES, this should be about it.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 179 guests
  4. RouterOS
  5. General