Isolated Server accessible via VPN

Hi guys, I want to create a server that will have no access to the Internet and will be accessible through L2TP/IPSec.

I created a separate network for it.
192.168.66.0/24
Server IP 192.168.66.100 GW 192.168.66.1
Separate network bridge IP: 192.168.66.1
Server is connected to the MK via port eth4

So here is what I did:
/ip firewall filter
# WAN is the Internet-facing interface
add chain=forward in-interface=bridge_private out-interface=WAN action=drop

Is it enough to block all access from and to the server? Even if there will be users connecting to this network subnet via L2TP/IPSec? I really want to block all communication out and in for this server. It contains sensitive data.

Hello Fires, try this code:

/ip firewall filter
add chain=forward action=drop src-address=192.168.66.100 dst-address=!192.168.66.0/24
add chain=forward action=drop dst-address=192.168.66.100 src-address=!192.168.66.0/24

The first rule allows the server to communicate only with the 192.168.66.0/24 subnet.
The second rule allows only the 192.168.66.0/24 subnet to communicate with the server.

I hope this helps you!
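
Added example, not part of either post: a small Python model of first-match forward-chain filtering that runs the rule from the question and the two rules from the answer over the same constructed flows. It ignores connection state, NAT and the input chain. The interface names bridge_lan and l2tp-user and every address other than 192.168.66.0/24 and 192.168.66.100 are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    src: Optional[str] = None  # a leading "!" negates the match, as in RouterOS
    dst: Optional[str] = None

def addr_match(spec, ip):
    if spec is None:
        return True
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"))
    return inside != spec.startswith("!")

def verdict(rules, pkt):
    """First matching rule decides; a packet matching no rule is accepted."""
    for r in rules:
        if (r.in_if in (None, pkt["in_if"]) and r.out_if in (None, pkt["out_if"])
                and addr_match(r.src, pkt["src"]) and addr_match(r.dst, pkt["dst"])):
            return r.action
    return "accept"

NET, SERVER = "192.168.66.0/24", "192.168.66.100"
QUESTION_RULES = [Rule("drop", in_if="bridge_private", out_if="WAN")]
ANSWER_RULES = [Rule("drop", src=SERVER, dst="!" + NET),
                Rule("drop", dst=SERVER, src="!" + NET)]

def pkt(in_if, out_if, src, dst):
    return {"in_if": in_if, "out_if": out_if, "src": src, "dst": dst}

# Constructed flows. bridge_lan, l2tp-user, 192.168.88.50, 10.10.10.2 and
# 203.0.113.10 are made-up names/addresses, not taken from the thread.
FLOWS = {
    "server -> internet": pkt("bridge_private", "WAN", SERVER, "203.0.113.10"),
    "server -> other LAN": pkt("bridge_private", "bridge_lan", SERVER, "192.168.88.50"),
    "other LAN -> server": pkt("bridge_lan", "bridge_private", "192.168.88.50", SERVER),
    "VPN client in /24 -> server": pkt("l2tp-user", "bridge_private", "192.168.66.200", SERVER),
    "VPN client other pool -> server": pkt("l2tp-user", "bridge_private", "10.10.10.2", SERVER),
}

def compare():
    """Map each flow to (verdict under question rule, verdict under answer rules)."""
    return {name: (verdict(QUESTION_RULES, p), verdict(ANSWER_RULES, p))
            for name, p in FLOWS.items()}

if __name__ == "__main__":
    for name, (q, a) in compare().items():
        print(f"{name:34} question={q:6} answer={a}")
```

In this model the interface-pair rule drops only the server-to-WAN flow, while the address-based rules drop every routed flow that crosses the 192.168.66.0/24 boundary, including a VPN client whose address comes from a different pool.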