HotSpot Users - Denied Access to my local LAN

Hi All,

From my principal router (192.168.10.4) I have only 1 Ethernet cable attached to another MikroTik router used for both HotSpot (via wlan1) and internal LAN (via ether3).

I have the following configuration:

Default bridge

  • Ether2-master connected to principal router using IP 192.168.10.1
  • Ether3 connected to my local PC 192.168.1.5
  • wlan1 HotSpot interface with IP 192.168.80.0

People on the HotSpot interface wlan1 (after a successful HotSpot login) can also easily access my local LAN 192.168.1.5… Now I want to prevent that connection between the HotSpot and my internal LAN, so I created the following rule, but it does not work.

I added a rule on the Input chain that drops all packets coming from subnet 192.168.80.0/24 to 192.168.1.0/24.

Where am I wrong?

You used the wrong chain. Input is for traffic destined to the router itself. You should use chain=forward, as this is traffic being forwarded from one subnet to the other.
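The chain selection described in the reply above, as an added example that is not part of the original thread: a small Python model showing why an input-chain drop rule never sees HotSpot-to-LAN packets while the same rule in forward does. The router addresses 192.168.1.1 and 192.168.80.1 and the client 192.168.80.25 are assumptions, and the model covers plain routed traffic only, not HotSpot's own dynamic rules or bridged traffic.

```python
import ipaddress

# Addresses the router itself owns. 192.168.10.1 is from the thread;
# 192.168.1.1 and 192.168.80.1 are assumed for illustration.
ROUTER_ADDRESSES = {ipaddress.ip_address(a)
                    for a in ("192.168.10.1", "192.168.1.1", "192.168.80.1")}

def chain_for(dst):
    """Chain a received packet traverses: input if addressed to the router,
    forward if the router is only passing it on to another host."""
    return "input" if ipaddress.ip_address(dst) in ROUTER_ADDRESSES else "forward"

def make_drop_rule(chain, src_net, dst_net):
    """Build a drop rule bound to one chain and a src/dst subnet pair."""
    return {"chain": chain,
            "src": ipaddress.ip_network(src_net),
            "dst": ipaddress.ip_network(dst_net)}

def verdict(rules, src, dst):
    """Evaluate only the rules of the packet's chain; default is accept."""
    chain = chain_for(dst)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["chain"] == chain and s in rule["src"] and d in rule["dst"]:
            return chain, "drop"
    return chain, "accept"

HOTSPOT, LAN = "192.168.80.0/24", "192.168.1.0/24"
input_rule = [make_drop_rule("input", HOTSPOT, LAN)]      # the original attempt
forward_rule = [make_drop_rule("forward", HOTSPOT, LAN)]  # the suggested chain

if __name__ == "__main__":
    client = "192.168.80.25"  # constructed HotSpot client address
    for name, rules in (("input", input_rule), ("forward", forward_rule)):
        for dst in ("192.168.1.5", "192.168.1.1"):
            print(f"rule in {name}: {client} -> {dst}", verdict(rules, client, dst))
```
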

Oh, you are right. I used the wrong chain. Thanks so much for your response.

I tried your suggestion, but I still see packets coming from the HotSpot subnet (10.5.10.60/24) to the internal subnet (192.168.1.0/24).




Seems like HotSpot mode enables packet NAT/forward before my rule.

Same here - did you solve this already??

Nope
