how to block arp packet in local lan from Mikrotik or with out Mikrorik???
You can block arp packets in bridge firewall.
- Bridge > Add > ok, port > + select ether1 > ok. again + select ether2 ok.
- now connect your router LAN port with Mikrotik ether1 and another cable from ether2 to your LAN switch.
- IP > firewall > + chain = forward > src-address = your client IP > advance > src MAC address = ! your client mac > action=drop.
if not working call me.
Hi, I have same issue, I has follow your solution, but I have few question:
1-I have 150 client
2-All of my client mac address passed from my router to isp router
please tell me how can i do drop my ARP traffic from internal to external, i want to use just my external MAC address for internet packets.
Thanks in advance
Pooyab
Same.
i want to use just my external MAC address for internet packets.
Do you want to use different IP addresses, but all the same MAC address ???
- same MAC, same or some WAN IP : use Src-NAT or masquerade in the firewall (the NAT rule is in the default firewall already for interfaces in the WAN interface list)
- same MAC to internet, different LAN IP addresses: this is like the “wifi repeater pseudo bridge”. The “NAT rules in the bridge” can change (scr-nat) MAC addresses. But the way back will need the real MAC address restored.
Blocking ARP. It’s protocol x806 (IPv4 is x800). The bridge Firewall (not the IP firewall) has possibilities. https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Firewall
Ah x800 that gives me something to try, thank you.
What I want to do is block a public wifi user from seeing all the other devices connected. Not to be confused with being able to communicate with them. I’ve seen public wifi networks that don’t let you even list the other devices in apps like Wifi Man and Fing.