i have serious security problem. When users connecto Mikrotik and given IP 10.100.10.XXX they can actually ping our equipment/machine with 192.168.25.xxx IPs. LAN not suppose to “talk” to WAN isnt it?or the way aroung. ANy script that disable ping, telnet to the machine?
i am super noob
As I’m also new to Mikrotik, but had played around a bit on Linux as router. So, I can only guess that packet filter will help. Add rules such that it would drop new icmp request packet that have 10.100.10.0/24 as source and 192.168.25.0/24 as destination.
You can try, but maybe someone else can give better opinions.
http://wiki.mikrotik.com/wiki/Firewall there are some nice examples how to secure router.
thanks bro..
one thing i found out just now…when i connected to hotspot and suppose to get 10.100.10.xxx IPs…i changed my IP to static IP to 192.168.25.xxx (same ip segment to all equipments)…i can ping,telnet and stuff to the equipment..very not secure…
Hi,
It’s what UPnP (universal Plug & Play) for.
No matter how you set IP on your laptop/PC, you can connect to the hotspot gateway (after entry the username and password). IP configuration on laptop will be ignored by the router.
This feature makes it’s easier the manage a hotspot area, we don’t have to ask user to change IP Address, or to make it blank and get DHCP. Not many people know how to set IP Address, even they don’t know if they have static IP on their laptop and how to remove it.