Block Internet access to an IP but keep internal access to the network.

Hi.

My MikroTik is being given internet through the wlan interface as a client. My hotspot is providing it; it is connected through USB to my main rig. The MikroTik router is connected through Ethernet so I can access my server, other PCs, printers, etc., that are inside the network.
But Windows is a bitch and keeps using the Ethernet (MikroTik router) connection as primary randomly, or some software specifically does it? I'm not sure, but I need it to stop, and doing it on the Windows side is just not reliable.
I need to block the internet connection to my main rig, so it's forced to use the fastest one provided by USB. Now how would I do that without blocking its access to the network, so I can still communicate with the devices that are also in it?
Also, it can't have anything to do with the interface itself, because I've got a VM running as well that can't be restricted from internet access, since it's only got the Ethernet interface.

Thank you.

If I understand you correctly, this should do the thing:

[admin@MikroTik] > ip firewall filter add chain=forward src-address=X.X.X.X action=drop

(where X.X.X.X is the IP of your PC). This rule will block ALL the traffic whose destination is through the router.
But I'm not sure if Windows will switch to the wireless network when it is connected to the LAN anyway.

Another possible solution on the client side is to change the metric on the connections, see here

I am not sure what exactly your description of the problem is, but in situations where you need some devices with certain IPs to only access certain networks at some points, a combination of policy routing and some firewall rules will do the magic.

Two ways:

  1. Specify a static IP address on the Ethernet interface but don't specify a default gateway.

  2. Set the priority on the USB connection to a higher one than the Ethernet connection.
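
A narrower variant of the firewall rule from the first reply, as an added example that is not part of the original thread: it matches only traffic from the PC that would leave through the router's uplink, so routed access to other internal subnets is untouched, and the VM (which has its own IP) is not affected. The list name `no-wan` and the interface name `wlan1` are assumptions; X.X.X.X is the PC's IP, as above.

```routeros
# Added example, not from the thread.
# Assumed names: address list "no-wan", uplink interface "wlan1".
# X.X.X.X is the IP of the PC that must not reach the internet via the router.

/ip firewall address-list
add list=no-wan address=X.X.X.X comment="main rig: LAN only"

/ip firewall filter
# Match on the outgoing interface as well as the source, so only traffic
# headed for the uplink is dropped. Traffic to devices in the same subnet
# is bridged/switched and does not pass the forward chain at all (unless
# the bridge is set to use the IP firewall); traffic routed to other
# internal subnets leaves through a different interface and is not matched.
add chain=forward src-address-list=no-wan out-interface=wlan1 \
    action=drop comment="no-wan: block internet via uplink"

# Rules are evaluated top to bottom. This rule has to sit above any
# "accept established,related" or fasttrack rule in the forward chain,
# otherwise connections that are already open keep flowing.
# Check the resulting order with:
print where chain=forward
```

Further hosts can be restricted later by adding their addresses to the same list, without touching the filter rule.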