Block LAN Over Wireless Network!

Hi friends,
I have a wireless network with the address 172.16.16.0/24 with Hotspot,
and a LAN with 192.168.168.0/24.
If wireless users set a secondary IP address in the range 192.168.168.0/24, they can connect to my LAN PCs and ping them!
I'm using an RB433 for my wireless, bridged to my RB800.
Hotspot runs on the RB800 on ether3.
My LAN users are on ether2, and
the Internet comes from ether1.

How do I block them so they can't connect to my LAN range?
Thanks

Anyone know?

Can you draw a network diagram?

This is my network:

Make a firewall rule that blocks traffic entering the ether3 interface destined to the LAN network.

/ip firewall filter
add chain=forward in-interface=ether3 dst-address=192.168.168.0/24 action=drop

Thanks, but … I'm connected on the LAN and binding the RB433 as 192.168.2.2, and after enabling that filter rule I can't connect to my RB433 from my PC!
192.168.2.1 is set on ether3 (RB800)
192.168.168.1 is set on ether2 (RB800)
and 192.168.2.2 is set on the bridge and bound to the RB433
My IP on the LAN is: 192.168.168.2

Your diagram doesn’t show any IP space for 192.168.2.2.

Do you have two IP addresses on ether3? 192.168.2.2 and 172.16.16.1?

You can use the drop rule on a range, i.e. 192.168.0.2 - 192.168.0.255
This allows for the 433 only.

OR
create an allow rule BEFORE the drop rule for the 433.

OR a chain that looks for the 433 traffic by specific ports and then drops all else.

Just some ideas.

Sorry, yes, two IP addresses are set on ether3.

Can you write the code?

But now, how do I do that?
Anyone!?

Anyone know?

Hi,

/ip firewall filter
add chain=forward in-interface=ether3 src-address=172.16.16.0/24 dst-address=192.168.168.0/24 action=drop

Regards

Faton
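
Added example, not part of any post in this thread: a small Python model of first-match forward-chain evaluation that compares the three rule sets discussed above (drop everything from ether3, accept the RB433 before the drop, drop only hotspot-range sources). The packets are constructed, and the model assumes each of them actually reaches the forward chain on the RB800 and that unmatched packets are accepted.

```python
from ipaddress import ip_address, ip_network

LAN = "192.168.168.0/24"

def rule(iface, src, dst, action):
    # src=None means "any source", like omitting src-address in the rule.
    return (iface, ip_network(src) if src else None, ip_network(dst), action)

RULESETS = {
    # First reply: drop everything entering ether3 for the LAN.
    "drop_all": [rule("ether3", None, LAN, "drop")],
    # Suggested fix: an accept rule for the RB433 BEFORE the drop rule.
    "accept_433_then_drop": [
        rule("ether3", "192.168.2.2/32", LAN, "accept"),
        rule("ether3", None, LAN, "drop"),
    ],
    # Last reply: drop only sources in the hotspot range.
    "drop_hotspot_src": [rule("ether3", "172.16.16.0/24", LAN, "drop")],
}

# Constructed packets arriving on ether3, all destined to the LAN PC.
PACKETS = {
    "hotspot_client": ("ether3", "172.16.16.50", "192.168.168.2"),
    "rb433_reply": ("ether3", "192.168.2.2", "192.168.168.2"),
    # Wireless client using a secondary address from the LAN range.
    "secondary_ip_client": ("ether3", "192.168.168.77", "192.168.168.2"),
}

def verdict(rules, iface, src, dst):
    """First matching rule wins; a packet matching no rule is accepted."""
    for r_iface, r_src, r_dst, action in rules:
        if (r_iface == iface
                and (r_src is None or ip_address(src) in r_src)
                and ip_address(dst) in r_dst):
            return action
    return "accept"

def evaluate():
    """Return {ruleset: {packet: verdict}} for every combination."""
    return {name: {p: verdict(rules, *pkt) for p, pkt in PACKETS.items()}
            for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for name, results in evaluate().items():
        print(f"{name:22} {results}")
```

In this model only the accept-then-drop ordering keeps the RB433 reachable while still dropping every other source on ether3; the source-restricted rule lets through any packet whose source is outside 172.16.16.0/24.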