Firewall rule - block "upper network"

Hello

I'm new to MikroTik, so I would appreciate support with what I suppose is a simple configuration.

I have an internal network 192.168.1.1/24 with gateway 192.168.1.1 and lots of devices on that network (working on a non-MikroTik router),
and I have to make a separate network with no access to any device in my internal network but full access to the internet.

Now I have connected the MikroTik to my network (WAN side 192.168.1.4, LAN 192.168.200.1), and from the client side I can still ping devices on the 192.168.1.X network (it has to be blocked, except the gateway to the internet, 192.168.1.1).
Could you please give me advice on how to do it?

Best regards
Bartek

Post your current config please; a diagram would also be helpful.

/export hide-sensitive file=anynameyouwish

Hi
Of course - attached. Like I said, clients from network 192.168.200.X should only have access to the internet, not to other devices on the primary network, and I can set it only on the MikroTik…
(I know - I'll update it before putting it in the "real network")

Thanks in advance

Bartek
myconfig.rsc (1.61 KB)
network.PNG

Be careful with specifying 192.168.1.1 in here. Remember this "upstream" router is your gateway out, NOT the final destination! So you do not really need to "address" it in your policy like this UNLESS you really WANT to make a connection to this router (e.g. web interface or something, you want to "ping" it or whatever).

I also see a small error in your current rule:

/ip address
add address=192.168.200.1/24 interface=ether2 network=192.168.200.0
add address=192.168.1.5/24 interface=ether1 network=192.168.1.0

/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.1 dst-address-list=!192.168.1.1 in-interface=ether1 src-address=0.0.0.0

==> "in-interface" cannot be "ether1" like this, because your originating LAN is actually "ether2", which has these 192.168.200.x IPs
==> As far as I know, the "upstream" router 192.168.1.1 is only your way out, NOT the final destination here (it is not because you route to it that you must describe it in the policy)

I would try:
(remove the existing one)
add action=accept chain=forward comment="Accept Established/Related Packets" connection-state=established,related in-interface=ether1
add action=drop chain=forward comment="Deny Access 192.168.1.0/24" dst-address=192.168.1.0/24 in-interface=ether2

(if you NEED access to this upstream router, like the web interface or SSH or something, you need to further adapt it and insert a rule in between to specifically allow something to 192.168.1.1/32)

This should do the trick I guess.

Which model switches do you have?
Where is the internet coming in?
What is the function of the other router?
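A fuller forward-chain rule set for this topology, as an added example rather than the poster's export or the reply's exact lines. It assumes the addressing from the posted config (ether1 = 192.168.1.5/24 towards the TP-Link, ether2 = 192.168.200.1/24 for the separated LAN) and that the RB750 masquerades on ether1; the interface names, the optional management rule and the final catch-all drop are assumptions, not something the thread states.

```routeros
# Added example (not from the thread). Assumed: ether1 = WAN towards the
# TP-Link (192.168.1.5/24), ether2 = separated LAN (192.168.200.1/24).
# RouterOS evaluates filter rules top-down, first match wins, so the
# drop towards 192.168.1.0/24 MUST sit above the generic LAN->WAN accept.

/ip address
add address=192.168.200.1/24 interface=ether2 network=192.168.200.0
add address=192.168.1.5/24 interface=ether1 network=192.168.1.0

/ip route
# The TP-Link is only the next hop; it does not need its own filter rule.
add dst-address=0.0.0.0/0 gateway=192.168.1.1

/ip firewall filter
# 1. Return traffic for connections that were already allowed.
add chain=forward action=accept connection-state=established,related \
    comment="Accept established/related"
# 2. Drop broken/untracked packets.
add chain=forward action=drop connection-state=invalid \
    comment="Drop invalid"
# 3. OPTIONAL (assumption): management of the upstream router only.
#    Left disabled; enable and narrow the ports if you really want it.
add chain=forward action=accept in-interface=ether2 out-interface=ether1 \
    dst-address=192.168.1.1/32 protocol=tcp dst-port=80,443 disabled=yes \
    comment="Optional: web UI of upstream router only"
# 4. The actual isolation: nothing from the separated LAN may reach
#    the primary network (TV, printers, computers).
add chain=forward action=drop in-interface=ether2 dst-address=192.168.1.0/24 \
    comment="Deny 192.168.200.0/24 -> 192.168.1.0/24"
# 5. Everything else from the separated LAN may go out to the internet.
add chain=forward action=accept in-interface=ether2 out-interface=ether1 \
    comment="Allow separated LAN -> internet"
# 6. Catch-all so that nothing unexpected is forwarded.
add chain=forward action=drop comment="Drop all other forward"

/ip firewall nat
# Hide 192.168.200.x behind 192.168.1.5 towards the TP-Link.
add chain=srcnat action=masquerade out-interface=ether1 \
    comment="Masquerade separated LAN"
```

To check it, from a 192.168.200.x client ping a device on 192.168.1.x (should fail) and a public address (should succeed), then run `/ip firewall filter print stats` on the RB750: the "Deny 192.168.200.0/24 -> 192.168.1.0/24" counter should climb while the "Allow separated LAN -> internet" counter covers the working traffic. Note that rule 1 is deliberately not tied to an interface, so replies in both directions are handled by connection tracking rather than by separate per-interface rules.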

Hi
Which model switches do you have?
Main - some TP-Link from my internet provider (I have only limited access); second (the one I have to configure) - RB750 r2 (to prohibit all connected devices from accessing the main network - only internet is allowed)
Where is the internet coming in? Modem from the TV/internet provider, then the TP-Link (with my devices, which should be blocked from computers connected after the next router)

What is the function of the other router? 1st - TP-Link - provides internet (DHCP, DNS, NAT) to the network; MikroTik - the same for the next group of devices (which should be separated from devices in the 192.168.1.x network)

Basically, I can clear all config in the MikroTik and start over (I have a few days), so almost all settings (IP / network class / routing) can be changed according to your advice…

The target is that I'll give my neighbour internet but without access to my TV / printers / computers - all routers will be in my home, so I'm not afraid about physical security / reset…