We are setting up a new Mikrotik router with multiple interfaces active on separate networks. We are relatively new to RouterOS, but not to routers and firewalls in general.
From the default RouterOS image we enabled a separate subnet on Eth3. Our interfaces were configured as follows.
Eth1 - DHCP WAN connection
Eth2 - Default IP & Subnet 192.168.88.1 (192.168.88.0/24)
Eth3 - 192.168.16.1 (192.168.16.0/24)
We attempted to install DHCP on a Windows server connected to 192.168.16.0/24, but the installation failed, as it detected the default Mikrotik DHCP server on the 192.168.88.0/24 subnet.
The logical fix is to create a firewall rule on the router dropping traffic between the subnets, so within the Mikrotik web interface we created a firewall rule to block traffic from 192.168.16.0/24 → 192.168.88.0/24 and a second rule dropping traffic from 192.168.88.0/24 → 192.168.16.0/24.
We also tried the same form a telnet session using the following commands.
ip firewall filter add chain=forward src-address=192.168.88.0/24 dst-address=192.168.16.0/24 action=drop
ip firewall filter add chain=forward src-address=192.168.16.0/24 dst-address=192.168.88.0/24 action=dropNeither method worked. We were still able to ping between networks and the DHCP server was still being detected by the windows server.
Any ideas of where we have gone wrong?