Mikrotik hEX as tap\filter

Hello all

I just got my new MikroTik model hEX.
I tried to configure it to filter traffic that comes from a TAP.

It's connected to a TAP and to a device that listens in promiscuous mode.
I want it to filter a list of IPs and forward them to the port of the promiscuous device.
Can you help me figure out how to achieve this?

So, if I understood right,
I should use Switch → Rule,
choose the source port and the DST.Address,
mirror, and set a new DST.Port.

Do you think it will work?

Anyway, I will need to replace my router with another model that supports the Rule thing.

First you need to make more clear what you want.
Please understand that the rest of the world does not know your project and your objectives, and cannot give suitable advice when you ask questions in this format.

Hi, sorry, I was thinking it's more clear.

I hope this will help.

Ok you can take the two ports out of the switch (remove master-port on all ethernet interfaces),
create a bridge and put the two ports in it, enable IP firewall on the bridge (option in the bridge menu)
and then create appropriate DROP rules in the firewall forward table.
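The recipe above, written out as RouterOS CLI commands. This is an added example, not pe1chl's or the original poster's configuration. It assumes ether3 is the TAP/hub side and ether4 the probe side (the port numbers used later in the thread), a RouterOS 6.x build that still uses the master-port switch model, and the address-list entries are constructed placeholder values:

```routeros
# Assumed: ether3 = TAP/hub side, ether4 = probe side; RouterOS 6.x with the
# pre-6.41 master-port switch model as shipped on the hEX of that time.

# 1. Take both ports out of the hardware switch group so the CPU sees the frames.
/interface ethernet set ether3 master-port=none
/interface ethernet set ether4 master-port=none

# 2. Create a plain bridge and put both ports in it. protocol-mode=none keeps
#    the bridge from emitting STP/RSTP BPDUs onto the monitored segment.
/interface bridge add name=bridge-tap protocol-mode=none
/interface bridge port add bridge=bridge-tap interface=ether3
/interface bridge port add bridge=bridge-tap interface=ether4

# 3. Pass bridged frames through the IP firewall so forward-chain rules apply.
/interface bridge settings set use-ip-firewall=yes

# 4. Keep the addresses to drop in one address list (placeholder values).
/ip firewall address-list add list=tap-drop address=192.0.2.10 comment="example host"
/ip firewall address-list add list=tap-drop address=198.51.100.0/24 comment="example subnet"

# 5. Drop listed addresses in the forward chain; everything else is bridged
#    through to the probe unchanged.
/ip firewall filter add chain=forward src-address-list=tap-drop action=drop comment="TAP filter (src)"
/ip firewall filter add chain=forward dst-address-list=tap-drop action=drop comment="TAP filter (dst)"

# Verification: which MACs the bridge has learned on which port, and whether
# the drop rules are actually counting hits while traffic is replayed.
/interface bridge host print
/ip firewall filter print stats
```

The two `print` commands are the checks worth running first: `host print` shows on which bridge port each MAC address was learned, and `filter print stats` shows whether the drop rules see any packets at all. If the rule counters stay at zero while traffic is flowing, the frames are not reaching the IP firewall and the address-list entries are not the problem.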

Hi pe1chl, thank you so much for your answer.

I did a test, configured ports 3 and 4 as a bridge.

On port 3 (hub side) I connected a PC with tcpreplay and a pcap file from the original network.
On port 4 (probe side) I connected a PC with Wireshark.

The bridge works in the following way:
it learns which MAC addresses are connected to each port/side of the bridge and then decides whether the destination is on the same port or whether to forward to the other port/side.

Now I'm playing the pcap from port 3 and the router thinks all MAC addresses belong to the side of port 3 and is not forwarding them to port 4.

Is there a way to make the router forward all packets to the other side?
Is there a way to configure a MAC address on port 4?

Ahh, that is a problem: the bridge only forwards traffic for MAC addresses on the other side.
It may not be possible to do it this way.

OK, I found a solution on pfSense:

http://www.baoqy.com/en/blog/?p=81

Do you think the same thing can be achieved on MikroTik?