Prevent access from PPPoE clients to MikroTik

Hello.

I have set up a PPPoE server and now clients can browse the internet. But the problem is that clients can access my entire network and then open my routers, access points, CPEs, etc. How can I prevent this?

My network diagram is like this:

10.100.1.1 (MikroTik router, PPPoE server)

10.100.1.2 (access point)

10.100.1.3 (CPE)

router for customer (192.168.0.1, PPPoE client)

192.168.0.2 (PC)

So from 192.168.0.2 the customer can access my MikroTik router or access points.

Hope anyone can help me, thank you very much in advance.

Best regards.

Fran

Anyone?

Why don't you put passwords on all of your routers?

Block the traffic in the input chain of your firewall.

You can limit layer 2 traffic from the customer router to PPPoE traffic. If the PPPoE connection also provides layer 3 to infrastructure, you need to consider appropriate layer 3 controls such as firewall settings.

You mean to block the rest of the connections but the PPPoE traffic using an input firewall rule?

If the connection is bridged you can use bridge filters to restrict traffic to PPPoE traffic.

Hello, I have made a rule to restrict all forward and input PPP traffic aimed at my internal networks, and it is working perfectly.

Thanks for your help.
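The two controls discussed in this thread (layer 3 firewall rules for PPP traffic, and bridge filters that pass only PPPoE frames), written out as a RouterOS configuration sketch. This is an added example, not a configuration posted by anyone in the thread. It assumes the infrastructure subnet is 10.100.1.0/24, that the customer-facing bridge port is named `ether-customer` (hypothetical), and a typical set of management ports.

```routeros
# --- Layer 3: stop PPPoE sessions from reaching infrastructure ---
# Assumption: the router, access points and CPEs all sit in 10.100.1.0/24.
/ip firewall address-list
add list=infra address=10.100.1.0/24 comment="management subnet (assumed prefix)"

/ip firewall filter
# Rules are evaluated top-down: keep these above any general accept rule
# that would match new connections coming from PPP clients.

# Clients -> access points / CPEs (traffic routed through the router)
add chain=forward in-interface=all-ppp dst-address-list=infra \
    connection-state=new action=drop comment="PPP clients to infra devices"

# Clients -> the router's own management address
add chain=input in-interface=all-ppp dst-address-list=infra \
    action=drop comment="PPP clients to router mgmt address"

# The router also answers on its PPPoE local address, so block the
# management services there as well (port list is an assumption;
# match it to the services enabled under /ip service).
add chain=input in-interface=all-ppp protocol=tcp \
    dst-port=21,22,23,80,443,8291,8728,8729 \
    action=drop comment="PPP clients to router mgmt services"

# --- Layer 2: bridged access, allow only PPPoE frames from customers ---
# ether-customer is a hypothetical bridge port name.
/interface bridge filter
# Frames addressed to the router itself (PPPoE server on the bridge)
add chain=input in-interface=ether-customer \
    mac-protocol=pppoe-discovery action=accept
add chain=input in-interface=ether-customer \
    mac-protocol=pppoe action=accept
add chain=input in-interface=ether-customer action=drop \
    comment="non-PPPoE frames to router"

# Frames bridged onward to other ports (APs, CPEs, other customers)
add chain=forward in-interface=ether-customer \
    mac-protocol=pppoe-discovery action=accept
add chain=forward in-interface=ether-customer \
    mac-protocol=pppoe action=accept
add chain=forward in-interface=ether-customer action=drop \
    comment="non-PPPoE frames across bridge"
```

Check the drop rules' packet counters under `/ip firewall filter print stats` and `/interface bridge filter print stats` while testing from a client to confirm they match before relying on them.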