Community discussions

Search found 37 matches

by luka3
Thu Aug 01, 2019 1:03 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other[Solved]

After some testing I isolated successfully: >the AP and its clients by using the proprietary function included in Unify ("guest isolation"). I tried what mkx proposed in POST#7 but isolation still did not work. >a second subnet: following mkx and stoser advice in POST#7 and POST#23 and assigning a sec...
by luka3
Mon Jul 22, 2019 10:59 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Mkx, don't let anav disturb you. I am the one who is stuck and due to my limited knowledge even more. Everything is there: /ip dhcp-server add address-pool=dhcp_pool2 disabled=no interface=bridge2 name=dhcp2 add name=dhcp_pool2 ranges=172.16.24.100-172.16.24.119 /ip dhcp-server network add address=1...
by luka3
Mon Jul 22, 2019 9:51 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Ahhh, Luka you have discovered what I like to call the mkx infinite loop. It's a phenomenon that often occurs. The Op slowly goes mad and ends up throwing his device against the wall at high velocity. It doesn't fix the configuration at all but it feels really really good at the time. That's a perfe...
by luka3
Mon Jul 22, 2019 9:17 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Hi, I reverted to the previous firewall I had and it works. After changing the firewall something has an effect on vlan2 and 192.168.1.200 (the deco has this static ip). You mentioned: you don't have corresponding /ip dhcp-server network nor /ip dhcp-server ... . Maybe I don't understand you but I t...
by luka3
Mon Jul 22, 2019 1:46 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Hi, after I tried to setup the new firewall I must have stopped the ipTV service. I have tried to find the problem but I cannot. Maybe you can have a look and point me in the right direction... old FW: /ip dhcp-server option add code=240 name=option_para_deco value="':::::239.0.2.10:22222:v6.0:239.0...
by luka3
Fri Jul 19, 2019 5:26 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Here is the actual status of the FW (without ipv6). A bit different from the default one but following the one in the wiki and comparing it line by line with the default one: /ip firewall filter add action=drop chain=input comment="ROUTER PROTECTION.Drop Invalid connections" connection-state=invalid...
by luka3
Fri Jul 19, 2019 3:40 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Hi, thx for support.
One doubt I have is where to apply the initial drop everything except LAN: should I do that in ether1 or in Brigde1-ISP?
by luka3
Fri Jul 19, 2019 1:07 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I have implemented the previous steps.

Should I implement these too?:

-Make jumps to new chains
-Create tcp chain and deny some tcp ports in it
-Deny udp ports in udp chain
-Allow only needed icmp codes in icmp chain
-Bruteforce_login_prevention_(FTP_&_SSH)

Any other?
by luka3
Fri Jul 19, 2019 12:25 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

This worked to stop the AP pinging the router: add action=drop chain=input dst-address=192.168.1.1 protocol=icmp src-address=172.16.24.0/24 I suggest you to start over from default firewall filter rules and adapt them according to needs Since I did not start from the basic firewall after importing t...
by luka3
Thu Jul 18, 2019 9:42 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

/ip firewall filter add action=drop chain=forward dst-address=176.16.24.1/24 src-address=192.168.1.0/24 in-interface=bridge2 out-interface=bridge1 add action=drop chain=forward dst-address=192.168.1.0/24 /src-address=176.16.24.1/24 in-interface=bridge1 out-interface=bridge2 I am still able to ping ...
by luka3
Thu Jul 18, 2019 1:28 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

After you get AP working properly, you can tackle the issue of separating LANs 172.16.24.0/24 and 192.168.1.0/24 ...
Solved. Now Unify is up and running and the AP has a static IP of 172.16.24.120.

How should I proceed with the firewall to separate the lans?
by luka3
Wed Jul 17, 2019 11:48 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I still think that Ubiquiti AP doesn't like address 172.16.24.2 for its management interface. And that RB config is fine regarding that. What still confuses me is that it obviously falls back to some weird default configuration if it can't connect to management console after restart. Can't you conf...
by luka3
Wed Jul 17, 2019 9:41 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I still think that Ubiquiti AP doesn't like address 172.16.24.2 for its management interface. And that RB config is fine regarding that. What still confuses me is that it obviously falls back to some weird default configuration if it can't connect to management console after restart. Can't you conf...
by luka3
Wed Jul 17, 2019 8:43 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

leases:
by luka3
Wed Jul 17, 2019 8:41 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

4 - Try tracert from client device connected by WiFi to the Ubiquiti AP 4011 to an internet site (8.8.8.8 for ex) and post results
by luka3
Wed Jul 17, 2019 8:32 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

3 - Try ping from client device that is connected by WiFi to Ubiquiti AP to the 4011, and post results (172.16.24.x to 172.16.24.1)
by luka3
Wed Jul 17, 2019 8:25 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

1- Try ping from Ubiquiti AP to 4011, and post results (172.16.24.2 to 172.16.24.1) [XXX] > /ping src-address=172.16.24.2 172.16.24.1 count=4 SEQ HOST SIZE TTL TIME STATUS 0 could not make socket 1 could not make socket 2 could not make socket 3 could not make socket sent=4 received=0 packet-loss=1...
by luka3
Wed Jul 17, 2019 8:23 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Although -after Unify install- I cannot access the AP, it automatically generated a wifi connection (name=FCECDA372809).
by luka3
Wed Jul 17, 2019 8:16 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I have the following problem. I cannot access the Ubiquiti AP. If I connect the AP to bridge1 (192.168.1.0/24) it immediately is recognized by Unify. And I can access it with putty. If I connect the AP to bridge2 (172.16.24.0/24) it is not recognized by Unify. And I cannot access it with putty. I tri...
by luka3
Wed Jul 17, 2019 8:09 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Also you did not perform the second ping test requested by @mkx (192.168.1.1 to 172.16.24.2) [XXX] > /ping src-address=192.168.1.1 172.16.24.2 count=4 SEQ HOST SIZE TTL TIME STATUS 0 172.16.24.2 56 64 0ms 1 172.16.24.2 56 64 0ms 2 172.16.24.2 56 64 0ms 3 172.16.24.2 56 64 0ms sent=4 received=4 pack...
by luka3
Wed Jul 17, 2019 11:16 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Hi, sorry for not replying further yesterday. Actually my laptop ran out of battery and did not want to charge again. Will do the next tests later today. One thing I noticed yesterday is that the access point did access the internet and also the wifi clients connected to it too. But the access point...
by luka3
Wed Jul 17, 2019 1:50 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other


BTW, on the chart the AP has two IP addresses indicated. What does 192.168.1.45 do there? It shouldn't work because its in a wrong subnet.
It is from a previous config. Ignore it.
by luka3
Wed Jul 17, 2019 1:49 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

You can try some tests, run from RB4011 [] > /ping src-address=172.16.24.1 172.16.24.2 count=4 SEQ HOST SIZE TTL TIME STATUS 0 172.16.24.2 56 64 0ms 1 172.16.24.2 56 64 0ms 2 172.16.24.2 56 64 0ms 3 172.16.24.2 56 64 0ms sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms [] > /pin...
by luka3
Wed Jul 17, 2019 1:23 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

One problem I see is the following: Look closely at the Ip range for dhcp_pool2: /ip pool add name=dhcp_pool1 ranges=192.168.1.210-192.168.1.230 add name=dhcp_pool2 ranges=172.16.24.100-192.16.24.120 Also, you should add the network 172.16.24.0/24, as you yourself stated My mistake. I also added th...
by luka3
Tue Jul 16, 2019 9:57 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

After that, please wait for the instructions what to do ... if you change things meanwhile then instructions might not be relevant anymore. Let's try again. At the beginning I posted I had problems with my access point not providing wifi. Again I tried to set up everything as it was. Here is my exp...
by luka3
Tue Jul 16, 2019 12:56 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Anav, I tried to config the vlans. I did not post it before because I realised today that they did not work due to the lack of proper firewall rules. I even tested yesterday a TP-SG108PE I had around. I started off using bridges and quickly discovered that one was limited in that the bridge could only ...
by luka3
Mon Jul 15, 2019 10:45 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

[Also, where is this in winbox? /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes I don't know where in winbox that is, in webfig it's in bridge->settings I reverted to the last step I showed you. The problem is the AP is not working on br...
by luka3
Sun Jul 14, 2019 2:21 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

No, you don't need anything special to set-up VLANs on RB4011, they are dealt by router's CPU. The price for that functionality is performance hit for traffic between different ethernet ports carrying same VLAN, which would be carried by switch chip if switch chip was at least half-decent. In your ...
by luka3
Sat Jul 13, 2019 9:37 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I use vlans for all subnets. By their nature all vlans do not talk on layer 2 Thus all I do in the forward chain is state what I wish to allow, ie LAN to WAN for whatever vlans, then Drop ALL as the last rule which kills any L3 routing between the vlans. Done! Hi anav! Do I need a switch + my rb401...
by luka3
Sat Jul 13, 2019 12:12 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Well, was starting to read about vlans and found this post: https://forum.mikrotik.com/viewtopic.php?t=114580 Forget VLANs. They are great when you want to have multiple separate networks on one cable, but you also need either a managed switch or end device (server) specifically configured for VLAN....
by luka3
Fri Jul 12, 2019 11:47 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

I use vlans for all subnets. By their nature all vlans do not talk on layer 2 Thus all I do in the forward chain is state what I wish to allow, ie LAN to WAN for whatever vlans, then Drop ALL as the last rule which kills any L3 routing between the vlans. Done! Looks a clean way to do it. Will read ...
by luka3
Fri Jul 12, 2019 11:24 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Hi, Thx for help. I did both: LAN2 IP address should be bound to interface bridge2 - now it's bound to its slave interface ether10. and If you want to block traffic between LAN and LAN2, you need a pair of firewall rules similar to this: C I rechecked and the rule was working as intended. But I che...
by luka3
Fri Jul 12, 2019 12:25 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

update of diagram..
by luka3
Fri Jul 12, 2019 12:23 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

/interface bridge add comment=ISP igmp-snooping=yes name=bridge1 add comment=lan2 name=bridge2 /interface ethernet set [ find default-name=ether1 ] comment=WAN name=ether1-WAN set [ find default-name=ether2 ] comment=LAN1 set [ find default-name=ether10 ] comment=LAN2 set [ find default-name=sfp-sf...
by luka3
Thu Jul 11, 2019 9:03 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

Ok, I reached my knowledge limit. I attach a pic with some data of fw, lan, ... and the desired lan setup. I have been reading here: https://forum.mikrotik.com/viewtopic.php?t=125838 https://forum.mikrotik.com/viewtopic.php?t=132219 But since I start from a config (included firewall) to make ipTV wo...
by luka3
Thu Jul 11, 2019 4:04 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

Re: 1wan + 2 lan isolated from each other

After further research I found this post: viewtopic.php?t=125838.

I will try to set it up in this way leaving apart that I do not have a second router. Will report back.
by luka3
Thu Jul 11, 2019 2:43 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4124

1wan + 2 lan isolated from each other

Hi, I am new to RoS and networking but not to computers. I own a rb4011 and uploaded a script to have the following services at home: ipTV, voIP and Internet. All of them are working but I need to customize my network. I get a public dynamic address from the telecom company. I have 1 lan. I have 1 b...