Hi Friends
i have a Wireless Network with Address of 172.16.16.0/24 with Hotspot!
and Lan with 192.168.168.0/24
if Wireless Users Set the Secondary IP address in Range of 192.168.168.0/24 Can Connect to My Lan PC's & Ping That!
I'm Using a RB433 for My Wireless & Bridged to My RB800
Hotspot Run in RB 800 on ether3
MY LAN Users is on Ether2 &
The Internet Give from Ether1
How to Block Them , for Can't Connect to My LAN Range ?
Thanks

Anyone Know ?

Can you draw a network diagram?

This is My Network :

Make a firewall rule that blocks traffic entering the ether3 interface destined to the LAN network.

Thanks , But ... i'm Connect in LAN and Binding The RB433 as 192.168.2.2 and After Enabling That Filter Rule , Can't Connect to My RB433 form My PC!
192.168.2.1 is Set on Ether3 (RB800)
192.168.168.1 is Set on Ether2 (RB800)
and 192.168.2.2 is Set on Bridge & Bind to RB433
My IP on LAN is : 192.168.168.2

Your diagram doesn't show any IP space for 192.168.2.2.

Do you have two IP addresses on ether3? 192.168.2.2 and 172.16.16.1?

You can use the drop rule in a range IE: 192.168.0.2 - 192.168.0.255
This allows for the 433 only.

OR
create an allow rule BEFORE the drop rule for the 433.

OR a chain that looks for the 433 traffic by specific ports and then dropps all else..

Just some ideas..

Your diagram doesn't show any IP space for 192.168.2.2.

Do you have two IP addresses on ether3? 192.168.2.2 and 172.16.16.1?

sry , yes , two IP address is Set on Ether3

, Can Write the Codes ?

but , Now How to That ?
Anyone !!?

Anyone Know ?

Hi,

/ip firewall filter
add chain=forward in-interface=ether3 src-addres=172.16.16.0/24 dst-address=192.168.168.0/24 action=drop

Regards

Faton