Hi, I am using the Mikrotik server at my office. I am wondering if I could block client IP from accessing another client?
i.e. block 192.168.1.2 from accessing 192.168.1.5
thanks,
You can’t do it while they are in the same Network, you need Layer2 switch to block access.
Or
You may use Mikrotik as a switch and connect them directly to RB, then it’s possible.
Noticed that you didn’t mention to type of connection of your user. I suppose that they don’t connect to MT via PPPoE, PPTP and etc.
If they are using such connection, It’s possible to block access.
you can do it only by local firewall on the 2 pc
you can give subnetmask 255.255.255.255 to your users (over dhcp, or manual) and then all packets will go trough mikrotik (gateway for users is mikrotik ip, ofcourse), and then u can control all theese packets. then u can make this rule:
/ip firewall filter add chain=forward src-address=192.168.1.2 dst-address=192.168.1.5 action=drop
that’s my idea, you can try it.
you can give subnetmask 255.255.255.255 to your users (over dhcp, or manual) and then all packets will go trough mikrotik (gateway for users is mikrotik ip, ofcourse), and then u can control all theese packets. then u can make this rule:
Just a word of warning: if you don’t have strict control over the hosts then there’s very little you can do to prevent users from changing the subnet mask again.
If you really need things secured you will have to invest in infrastructure hardware that can enforce these policies for you, mostly likely switches with decent layer 2 security features.