Hello to all, this is the first time that I write to the forum. I have a MikroTik RB 750. I use two interfaces as two different networks: ether2 for the LAN network (IP 10.0.0.0) and ether3 for the WLAN network (IP 192.168.1.0). I want ether2 to be able to communicate with ether3 but not the opposite.
I created two rules in firewall to do this
Hi,
you can use a bridge interface.
You can add a new bridge interface, and add ether3 and ether2 to the bridge.
With this config you can access each network from the other.
For more help, please follow this address: http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge
Use some rule above this with connection-state set to established; you should also add a rule for connection-state related and set both of these rules to accept.
You don’t need interfaces on these rules since you want your router to accept already checked sessions.
First of all, thanks for your responses, I appreciated them. Now to the point. I am not sure if I explained my problem very well. The problem is that I want ether2 (LAN network) to communicate with ether3 (WLAN network), but ether3 can not communicate with ether2. I don’t see why to make a bridge between the two interfaces. Also ojsa, I have rules to accept established and related connections, see below.
Well your main problem there is that those rules are for the INPUT chain. That chain is used only for traffic that is going to the router, not traffic that is being forwarded over the router. Duplicate the rules, but make sure they are in the forward chain, and put them above the drop rule, and you should be set to go.
Ditonet, the rule you posted (add action=reject chain=forward disabled=no dst-address=10.0.0.0/8 reject-with=icmp-network-unreachable src-address=192.168.1.0/24) is dropping the connection for both sides, because with this you don’t let the network 10.0.0.0/8 speak with others.
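
The behaviour discussed in this thread, as an added example that is not from any of the posters: a simplified Python model of a stateful forward chain (not RouterOS code; the `Router` class, the `probe` helper and the host addresses are constructed for illustration). It shows why the reject rule on its own also breaks LAN-initiated connections, since the replies match it, and how accept rules for established/related traffic placed above it give one-way access.

```python
from ipaddress import ip_address, ip_network

LAN, WLAN = ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")

# Rule = (connection-state or None, src net or None, dst net or None, action)
STATE_RULES = [("established", None, None, "accept"),
               ("related", None, None, "accept")]   # "related" is never produced by this toy model
REJECT_WLAN_TO_LAN = [(None, WLAN, LAN, "reject")]  # the rule quoted in the thread


class Router:
    """Toy stateful forwarder: first matching rule wins, default is accept."""

    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()  # accepted flows, keyed by the unordered endpoint pair

    def forward(self, src, dst):
        src, dst = ip_address(src), ip_address(dst)
        key = frozenset((src, dst))
        # Simplification: any packet of an already accepted flow counts as established.
        state = "established" if key in self.conntrack else "new"
        for rule_state, src_net, dst_net, action in self.rules:
            if rule_state and rule_state != state:
                continue
            if src_net and src not in src_net:
                continue
            if dst_net and dst not in dst_net:
                continue
            break                      # first match decides
        else:
            action = "accept"          # no rule matched
        if action == "accept":
            self.conntrack.add(key)
        return action


def probe(rules):
    """Verdicts for: LAN request, WLAN reply to it, unsolicited WLAN request."""
    r = Router(rules)
    request = r.forward("10.0.0.5", "192.168.1.20")      # constructed hosts
    reply = r.forward("192.168.1.20", "10.0.0.5")
    unsolicited = r.forward("192.168.1.20", "10.0.0.7")
    return request, reply, unsolicited


if __name__ == "__main__":
    print("reject only:       ", probe(REJECT_WLAN_TO_LAN))
    print("state rules first: ", probe(STATE_RULES + REJECT_WLAN_TO_LAN))
```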