I have used Mikrotik for our wireless network for over a year now and have been quite pleased with the results, but one of the things I’ve never been able to figure out is how to set up filters, firewalls, and scripts to do a few specific things.
About two months ago we switched our internet feed from T1s to a fiber-optic connection (that uses a media converter to ethernet).
We have a pretty nice Cisco router but for whatever reason we never could get the Cisco and the fiber-optic connection to work. On a 3M connection at the time we would get a 3M upload but only 150-300k download speeds. For those that are interested, we tried placing several switches/hubs between the router and the fiber-to-ethernet media converter and had varying degrees of success/failure.
Frustrated, I opened up a Routerboard 532A, programmed it, and within a very short time my ISP was up and running with 3 meg up/down.
Now this is where we get back to my subject title. There are some things I would like to firewall or perhaps the better word would be filter.
Let's assume ether0 is the internet and ether1 is my internal and I am using two internet subnets 10.1.1.0/24 and 10.1.2.0/24
- I would like to do a similar setup that I had on the Cisco that filters ether0 (internet side) and blocks incoming packets that are not destination of 10.1.1.0/24 and 10.1.2.0/24
- Block outgoing packets that are not source 10.1.1.0/24 and 10.1.2.0/24
- Block all incoming and outgoing netbios packets
- A script that would monitor the ftp/telnet/ssh ports on this router board and, when so many failed log-ins occur, the IP is blocked for x hours/days
Would someone mind sharing what and how you would accomplish this?
Thanks!
Michael
P.S. Do you think the 532A will handle a 3M-9M internet connection? Or should I replace the unit with a full computer system?
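
One way the four requests in the post above could be written as RouterOS firewall rules, as an added example that is not part of the original post. The address-list names (`internal`, `mgmt_stage1` to `mgmt_stage3`, `mgmt_blocked`) and the timeouts are illustrative assumptions, and because the firewall cannot see failed log-ins, the last part counts repeated new connections to the FTP/SSH/Telnet ports instead.

```routeros
# Added example. ether0 = internet side and the two subnets are as assumed in the post.
# List names (internal, mgmt_*) and all timeouts are illustrative choices.
/ip firewall address-list
add list=internal address=10.1.1.0/24
add list=internal address=10.1.2.0/24

/ip firewall filter
# 1. Ingress: drop packets arriving from the internet that are not destined
#    for the internal subnets.
add chain=forward in-interface=ether0 dst-address-list=!internal \
    action=drop comment="ingress: destination not internal"
# 2. Egress: drop packets leaving to the internet whose source is not one of
#    the internal subnets (anti-spoofing).
add chain=forward out-interface=ether0 src-address-list=!internal \
    action=drop comment="egress: source not internal"
# 3. NetBIOS (ports 137-139) in either direction through the router.
add chain=forward protocol=tcp dst-port=137-139 action=drop comment="NetBIOS tcp"
add chain=forward protocol=udp dst-port=137-139 action=drop comment="NetBIOS udp"

# 4. FTP (21), SSH (22) and Telnet (23) on the router itself.
#    This counts new connections, not actual log-in failures: each new
#    connection moves the source up one stage (stages expire after 1 minute),
#    and the fourth within that window puts it on mgmt_blocked for 1 day.
#    add-src-to-address-list does not stop rule processing, so the order
#    below (blocked, stage3, stage2, stage1, first contact) matters.
add chain=input protocol=tcp dst-port=21-23 src-address-list=mgmt_blocked \
    action=drop comment="drop blocked management clients"
add chain=input protocol=tcp dst-port=21-23 connection-state=new \
    src-address-list=mgmt_stage3 action=add-src-to-address-list \
    address-list=mgmt_blocked address-list-timeout=1d
add chain=input protocol=tcp dst-port=21-23 connection-state=new \
    src-address-list=mgmt_stage2 action=add-src-to-address-list \
    address-list=mgmt_stage3 address-list-timeout=1m
add chain=input protocol=tcp dst-port=21-23 connection-state=new \
    src-address-list=mgmt_stage1 action=add-src-to-address-list \
    address-list=mgmt_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=21-23 connection-state=new \
    action=add-src-to-address-list address-list=mgmt_stage1 \
    address-list-timeout=1m
```

These rules need to sit above any broad accept rules in their chains, since RouterOS evaluates filter rules top to bottom.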