Mikrotik port isolation

Valentin17 · December 29, 2022, 8:02am

Hi all.
I am using Mikrotik HAP Lite router, i have a Nextcloud server connected to ethernet port 4, wan port connected to ethernet port 1, my LAN network with my PCs connected to port 2.
After first config of RuterOS i removed ethernet port 4 from bridge and configured port isolation so ethernet port 4 (nextcloud) can only comunicate with ethernet port 1 (wan).

So my question is this. Is this config enough so if someone hacks my nextcloud server that it can not gain access to my LAN home network and to my PCs that are connected to that network on ethernet port 2.

Thank you for all your help. I am very glad to be using Mikrotik router in my home network.

anav · December 30, 2022, 6:10pm

/export file=anynameyouwish ( minus router serial number and any public WANIP information)

Will have a look.

Guscht · December 30, 2022, 6:51pm

Id recommend to create a DMZ with VLANs. So you can connect to a device in the DMZ and the answer coming to from the DMZ to the LAN (belonging to the LAN to DMZ connection) is allowed. But no new connection form the DMZ to the LAN is allowed.