Hi,
I have 3 ADSL routers (192.168.1.1/24; 192.168.0.1/24 and 192.168.23.4/24)
All of them are connected to the same switch.
I have 7 Mikrotik connected to the switch. All with 1 WLAN and 3 ether.
Main mikrotik (1x):
Is running a hotspot and DHCP (10.1.23.x/24) in one bridge. This bridge contains ether2 and wlan1. This bridge is 10.1.23.6/24 IP.
ether1 is 192.168.23.6/24 (gateway is router 192.168.23.4/24)
Secondary mikrotik (6x):
Is running as AP bridge.
Have 1 bridge with ether1 and wlan1.
I tried to put IP (10.1.23.7-12/24) to ether1 or bridge and seems to work with same results.
I can connect to all WLAN1 (7x) and I receive an IP from the DHCP server in the main mikrotik. I can validate my users in the hotspot and all seems to work fine, but if you connect your laptop with a static IP 192.168.1.x/24 or 192.168.0.x/24 or 192.168.23.x/24 with its correct gateway, you can reach the internet without any control by the hotspot.
I tried to make the firewall rules to fix this, but I can't make them work correctly. Can you help me?
I have these rules in the secondary mikrotiks:
/ ip firewall filter
add chain=forward action=drop src-address=!10.1.23.6 src-port=67-68 \
protocol=tcp comment="STOP other DHCP not in 10.1.23.6" disabled=no
add chain=forward action=drop src-address=!10.1.23.6 src-port=67-68 \
protocol=udp comment="STOP other DHCP not in 10.1.23.6" disabled=no
add chain=forward action=accept src-address=10.1.23.0/24 comment="Accept \
traffic from 10.1.23.0" disabled=no
add chain=forward action=accept src-address=192.168.23.6 comment="Accept \
traffic from main ether1" disabled=no
add chain=forward action=accept src-address=192.168.23.4 comment="Accept \
traffic of router 192.168.23.4" disabled=no
add chain=forward action=drop src-address=192.168.1.0/24 comment="Drop \
192.168.1.0" disabled=no
add chain=forward action=drop src-address=192.168.23.0/24 comment="Drop \
192.168.23.0" disabled=no
add chain=forward action=drop src-address=192.168.0.0/24 comment="Drop \
192.168.0.0" disabled=no
Thanks!
Martín
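
An added example, not part of the original post: on the secondary devices wlan1 and ether1 sit in one bridge, so traffic between them is switched at layer 2 and, with RouterOS defaults, does not pass through the `/ip firewall filter` forward chain. The sketch below enforces the same policy with bridge filter rules instead. It assumes the wireless interface is named wlan1 as in the post; rule order and comments are illustrative.

```routeros
# Added example for each secondary (AP bridge) MikroTik.
# Policy: wireless clients may only use the hotspot subnet 10.1.23.0/24,
# and may not act as DHCP servers.

/interface bridge filter

# 1. Drop DHCP server replies coming from the wireless side
#    (the only DHCP server is 10.1.23.6, reached through ether1).
add chain=forward in-interface=wlan1 mac-protocol=ip ip-protocol=udp \
    src-port=67 action=drop comment="No DHCP servers behind wlan1"

# 2. Allow DHCP client requests (source address is 0.0.0.0 before a
#    lease is obtained, so a source-subnet match alone would drop them).
add chain=forward in-interface=wlan1 mac-protocol=ip ip-protocol=udp \
    src-port=68 dst-port=67 action=accept comment="DHCP requests from clients"

# 3. Allow IP traffic sourced from the hotspot subnet.
add chain=forward in-interface=wlan1 mac-protocol=ip \
    src-address=10.1.23.0/24 action=accept comment="Hotspot clients"

# 4. Drop every other IPv4 packet entering from wlan1. This covers laptops
#    with static 192.168.1.x, 192.168.0.x or 192.168.23.x addresses, and
#    any other subnet a client might configure by hand.
add chain=forward in-interface=wlan1 mac-protocol=ip action=drop \
    comment="Drop non-hotspot source addresses"

# Alternative: keep the existing "/ip firewall filter" forward rules and
# make bridged traffic traverse them:
#   /interface bridge settings set use-ip-firewall=yes
```

Rule 4 matches IPv4 only; ARP and other frame types from wlan1 are not affected by it.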