This is my first MikroTik and it really makes me feel stupid. I can do all this stuff on a Cisco but I can’t even figure out why / when in / source is/isn’t out/destination… When I expect I would be specifying the source/destination it wants direction (in / out); when I think I want to specify in or out it wants source/destination… Whatever I do it doesn’t do what I expect, so I know I have the whole source/destination vs in / out thing mixed up in my head on this thing.
My box is set up like this:
Intel-based PowerRouter, 5 Ethernet ports (actually 7 but I’m only using 5), RouterOS v3.28.
ether1 WAN IP 22.22.22.41 (gateway 22.22.22.42)
ether2 LAN IP 65.55.5.0/24
ether3 PPPoE 65.55.6.0/24
ether4 LAN 65.55.7.0/24
ether5 Private 10.10.7.0/24
All I want to do is make sure traffic from ether5 10.10.7.0/24 is not passed to, in, or out ether1 (the WAN). Since I have no way of knowing if ether1 is passing 10.10.7.0 traffic to my upstream, I have tried to block it from ether4, where I can tell if it is being passed in or out, and then once I have it working simply change it for ether1. But so far I can’t get it to work. As far as I can tell it looks like I would need to do this with the firewall, and I thought blocking traffic from 10. and the other unroutables would be as easy as just making a firewall rule to block IP range X from interface Y…
NOTE: I do NOT want to block 10.10 from the other ports, just eth1 (I’m only trying to block it from ether4 for testing / confirmation that it works).
I have created firewall rules to block IP ranges coming into the tik from the WAN side (outside coming in) and I know they are working, but I can’t seem to figure out how to make the tik block traffic coming IN (or OUT?) one of its own Ethernet ports and not pass it OUT (IN?) another of its own ports.
This has got to be a simple thing that I just can’t seem to wrap my mind around.
Thanks in advance for any help!
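
The setup described in the post, written as RouterOS filter rules (an added example, not part of the original post). Interface names and subnets are the ones given above; the comment strings are made up for illustration. It assumes ether5 is the only source of 10.10.7.0/24 traffic.

```routeros
# Added example: not the poster's configuration.
# Packets that pass THROUGH the router are filtered in chain=forward.
# chain=input only sees packets addressed to the router itself, and
# chain=output only sees packets the router itself generates.
# in-interface  = the port the packet arrived on
# out-interface = the port the packet will leave by
# src-address / dst-address = the IP header fields, independent of port

/ip firewall filter

# Test case from the post: 10.10.7.0/24 must not leave via ether4.
add chain=forward src-address=10.10.7.0/24 out-interface=ether4 \
    action=drop comment="TEST: private range out ether4"

# Once the test rule is seen matching, the same rule pointed at the WAN port.
add chain=forward src-address=10.10.7.0/24 out-interface=ether1 \
    action=drop comment="private range out WAN"

# Reverse direction: nothing arriving on the WAN may be routed to the
# private range.
add chain=forward in-interface=ether1 dst-address=10.10.7.0/24 \
    action=drop comment="WAN to private range"

# Source NAT (masquerade) is applied after the forward chain, so these
# rules still see the original 10.10.7.x source address even if a
# srcnat rule exists for ether1.
```

Rules are evaluated top to bottom, so these drop rules need to sit above any accept rule in the forward chain that would match the same packets.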