I am a mikrotik beginners. But I already have a lot of things that I need get. Currently I fail to the following:
How can I for specific computers (such as 192.168.1.10 to 192.168.1.20 and 192.168.1.50 to 192.168.1.100) block the direct Internet access on the local network? (These clients can access the Internet only via a present proxy.) But the VPN connections should not be blocked for this computer. In my tests, I have always also blocks the vpn connections.
How can I implement this firewall rule so?
I am grateful for all indications.
you can try with firewall to block internet access for specific ranges of IP :-
In IP select Firewall , in Firewall go to Address Lists Tab
Create a new address list by clicking on + in the upper left of the window .
Write a range of IP address you want to block from accessing internet like 10.0.0.1-10.0.0.10 and write a name for your new address list .
Go to Filter Rules and make a new rule by clicking on + in the upper left of the window .. in General Tab go to Chain and select ( Forward ) , in same tab select ( 6 tcp ) as protocol … then go to Advanced Tab select your address lists you created with any name you chose from Src. Address Lists … then go to Action Tab and chose ( Drop ) from Action .
“block_internet” ist the Address List for blocking client-ip in own subnet (such as 192.168.1.10 - 192.168.1.200)
“own_vpn” ist the Address List for bypass vpn-connections for the blocking client-ip. They can use the vpn normally.
