need help asap

iwantlemonjuice · April 25, 2009, 3:54am

guys my setup is, i have my hotspot server in 10.12.0.X in port 4 and my FEDELIO hotel server in the port 2 which is ip of 10.2.2.21
my point is i dont want my fedelio access any client belong to 10.12.0.x network, my drop rules is >>> chain=forward src address=10.12.0.0/24 dst address= 10.2.2.21 protocol=icmp action=drop

but! then i connected to hotspot 10.12 network i ping 10.2.2.21 the server is drop,. but i map my fedelio server \10.2.2.21\c$ it show username and password!! oh my i dont want my server getting risk

i think microsoft use this >> Link Layer Topology Discovery (LLTD) protocol which is this protocol not included in mikrotik features, corect me if im wrong
please post your solution regarding this matter

thanks

iwantlemonjuice

SurferTim · April 25, 2009, 9:37am

That rule only blocks ICMP packets (ping). If you want to block everything, drop the protocol:
add chain=forward src-address=10.12.0.0/24 dst-address=10.2.2.21 action=drop

If you put what you want in the subject (like “firewall challenge” for this), it may help get you more responses.

iwantlemonjuice · April 25, 2009, 1:49pm

thanks for reply surf

i resolved my issue now i drop all tcp, icmp and udp from 10.12.0.0/24 to 10.2.2.21 and its works wohooooo!!! hehehe

Chupaka · April 26, 2009, 1:02pm

well, you may just drop all, not only icmp, tcp and udp =) just remove ‘protocol’ value =)