Manage two distinct subnet behind WAN

alkampfer · May 22, 2019, 1:03pm

Hi,

I have a Mikrotik Hex S, actually my Wan is 192.168.0.0/24 where internet gateway is 192.168.0.1 and my LAN is 192.168.1.0/24. Everything works perfectly.

Now I want to configure one of the port, say 3rd one, to another network 192.168.2.0/24 and I want machines from that network only being able to access internet through 192.168.0.1, but none of the other machines in the other 2 networks.

I’m new to microtik and I found lots of documentation about Master and slave ports, a concepts that is now gone in latest OS version

Anyone can point t me in the right direction?

Thanks a lot in advance

Gian Maria.

mkx · May 22, 2019, 2:39pm

Remove port ether3 from bridge
add IP eddress to ether3 (e.g. 192.168.2.1/24)
add firewall filter rules

/ip firewall filter
add chain=forward src-address=192.168.1.0/24 dst-address=192.168.2.0/24 action=drop
add chain=forward src-address=192.168.2.0/24 dst-address=192.168.1.0/24 action=drop

at the end of firewall filter rule list.
4. configure additional services which router should offer to the new LAN (e.g. DHCP server, DNS server, …) If you do, add appropriate firewall rules

The most important step is actually step #3 (firewall tules) … the example above is assuming that firewall rules on the device are at default before starting to add a LAN subnet.

alkampfer · May 24, 2019, 11:09pm

Thanks, actually I’m OOF for a conference, I’ll try at soon as I’ll return on the office

Thanks again