internet modem/router : 192.168.1.1
mikrotik ethernet : 192.168.1.100
Im using MT os as 1) an access point and 2) as a bridge.
All my clients connect to AP and transfer data from/to bridge to a network like 10.xxx.xxx.xxx.
My routes for all incoming traffic transfers to 10.112.1.255 (the other side of the bridge network),
Also i have a web-proxy on from 24:00 to 09:00 o clock and im sharing internet throught port 8080.
If any client using proxy port 8080 has internet only from 24:00 to 09:00, BUT if he doesn’t use the proxy port 8080
ALWAYS has internet…
i have also add a static root 0.0.0.0/0 to gateway 196.168.1.1
Also i have a client (10.112.1.5) who want ALWAYS (24 per day)to has internet!
Use firewall filter to filter clients per time.
Create different chains, first for unlimited access, second for access for a specific time.
As firewall provides you with time,
add jump rule to chain=forward, that redirects traffic to different chain.
add rule with option time, that will be accepting traffic for specific time and will be dropping for other time.
i prefer to work with routing rules, it is more easier for a newbie like me.
have a look:
Src address Dst.Address Action table
10.0.0.0/8 10.0.0.0/8 lookup main
(clients from 10.x.x.x goes only at 10.x.x.x IPs)
10.112.2.5 0.0.0.0/0 lookup main
(Mr. 10.112.2.5 goes to everywhere!)
10.112.2.1 0.0.0.0/0 lookup main
(Mr 10.112.2.1 goes to everywhere!)
Does it work ?
Or i ll need to add the following line ? :
10.0.0.0 0.0.0.0/0 unreachable
Can u help me?
My target is to not allow other ips (except 10.112.2.5) using 192.168.1.1 (modem/router) directly; they can you only the proxy from 24:00 to 09:00 o clock.
How do you get src-address there ?
I think routing is not required in this scenario,
as I mention previoisly it is possible with firewall,
you may drop traffic for the specific time, as well NAT rule (that redirects users to proxy transparently) will work for specific time.
