Need to block internet but not local traffic for an individual ip address only.
I've an rb411ar that connects to an ADSL modem / router, with a Ubiquiti NanoBridge in the mix, all joined together via a desktop switch…
rb411ar ip = 172.18.91.158,
adsl modem ip = 172.18.91.149,
NanoBridge ip = 172.18.91.145,
The NanoBridge is the gateway for an intranet, the ADSL modem / router is the gateway for the internet, and the rb411ar is an access point. Using Winbox, how do I block access to the internet but continue to allow access to the intranet network for a user on IP 172.18.91.153?
Currently the above is all working fine, I just need to block access to the internet for ip address 172.18.91.153 (only) but not for the intranet…
I have tried the following:
Added a firewall filter rule (in Winbox), using forward chain, src address 172.18.91.153 (IP I want blocked from internet)
Dest IP 172.18.91.149 (ADSL modem / router) with “not” enabled next to src address (it had no effect otherwise),
Selected drop under action.
This worked on my rb750gl test setup with no wifi access point etc., but not on the rb411ar; the rb411ar has eth1 and wlan2 as a bridged interface.
How must I go about setting up the Firewall Filter Rule to achieve my goal?
The modem is plugged into ether1 which is bridged with wlan2 (bridge1 interface)
ether1 connects to a desktop switch that has both the nanobridge (172.18.91.145) and modem (172.18.91.149) connected to it
Will using “ether1” rather than Dest IP not prevent “all” traffic originating from IP 172.18.91.153 from passing ether1, thereby also blocking access to the NanoBridge?