We would like to set up DHCP for our internal network for the IP range 192.168.50.0/24 but be able to block that particular IP range for DHCP from going out across the wireless connection.
Setup of primary wireless router:
Bridged eth1, wlan1, wlan2, wlan3, wlan4
We use a bandwidth management unit, so we statically assign IP addresses 192.168.60.0/24 for our customers. Our hotspot uses 192.168.15.0/24 for our hotspot users.
I’m still learning how the firewall works. I was thinking that I could possibly tag 192.168.50.0/24 IPs to block UDP port 67, in effect blocking the DHCP for that range of IPs.
Am I correct in thinking this would work? And if so, how would I set up the firewall in MikroTik to do this?
So your LAN is bridged with your wireless segments?
If they are not bridged but separated by routing, DHCP will not cross layer 3 network boundaries anyway.
I believe that you cannot use the firewall to prohibit DHCP assignments based on the IP address the DHCP server decided to hand out for a client, if that’s what you want to do?
Or am I misinterpreting you and you just want to prohibit IP communication on layer 3 between 192.168.50.0/24 and your other networks?
That is very easy to do with the RouterOS firewall.
Tom, you’re right, the latter is what I am wanting to do. Block layer 3 IP communication on that 192.168.50.x from the rest of the network. That particular IP only has to communicate with one file server, which has its own 192.168.50.x IP also, so if you can explain to me how to block it with the RouterOS firewall I would appreciate it.
Ok, let’s assume the wireless interface that your 192.168.50.0/24 network is running on is wlan3.
Just add a firewall filter rule to the forward chain that blocks everything coming in via wlan3 from being forwarded through the MT to networks on other interfaces, like this (RouterOS 2.9 syntax)
Thanks. Actually the .50 are on the Ethernet side, just used for giving customer computers that are being worked on. So I’ll just add that filter to the Ethernet side. Thanks for the help.