drop sharing between the computers

medooo2005 · July 15, 2007, 4:21am

how i can drop sharing bitween the computers in the my networks using by mikrotik firewall?

jwcn · July 15, 2007, 1:48pm

If they are all on the same subnet it has to be done at the switch level.

medooo2005 · July 15, 2007, 5:50pm

what you mean ?

winxp2000 · July 15, 2007, 6:30pm

Drop network share port TCP 445 / TCP 139 / UDP 137 /UDP 138

medooo2005 · July 16, 2007, 12:27am

plz can you write rule for it service

csickles · July 16, 2007, 3:54am

Here is what everyone is trying to get to…

If the machines (clients) are on the same network segment IE all connected to the same swicth, then the port filtering MUST occure at the swicth as it is the only device thet will “see” the packets.

Packets that bo not “cross” the router or are not destined for the router, are packets it never “sees”.

Packets that originate from a PC destined for a PC on the same segment or subnet (assuming the MT is not bridging the two PCs) simply leave the source, and are forwarded to the dest. via the swicthing fabric of the network switch. It is the ONLY device (assuming one switch) that will even know the traffic exists. If there are other switches on the same subnet and the packet must cross from one switch to another, then both switches are aware of the traffic..

The only way a RouterOS device can block the traffic is if the traffic crosses the MikroTik device at some point.

In the case of wireless AP-bridges. (RouterOS in AP-bridge mode) you can eliminate traffic at the MAC layer by disabling the forward function in the wireless interface tab for the woreless AP interface in question.

If the traffic is originating for example on a wireless device, and destened for a wired device, then forwarding rules apply if the networks are routed. If they are bridged, then use the bridging filters.

If the traffic never crosses the router then the switch is the only point that can perform the function outside of the PCs…

Normis please dont slap me if I mised something here…

Craig

Borage · July 16, 2007, 4:51am

Already answered by csickles, but to make it short. Connect each computer to a separate network interface card (NIC) in your Mikrotik Router. If it’s wireless you are talking about, just disable forwarding on the interface that is configured as an access point (AP).

medooo2005 · July 16, 2007, 5:57am

plz i want to example and more help by role

csickles · July 16, 2007, 6:02pm

Role ??

How are you connecting the systems, Are they both connect to a common switch etc..

I need to know the lay of the land …

Craig

medooo2005 · August 5, 2007, 12:21am

yes

sergejs · August 7, 2007, 12:14pm

Firewall drops the connection that is comming from client to client over the router.
It does not block traffic that client is sending directly to other client over switch for example.