Dear Colleagues,
I am new with MikroTik RB2001UAS-2HnD-IN and trying to make friends with RouterOS.
Generally, I am using default set up, but want to create public wifi through virtual AP (wlan2) in parallel with private WIFI(wlan1) and LAN.
So, I was able to create wlan2, network 192.168.1.0/24 (router address 192.168.1.1). The LAN and wlan1 use default network 192.168.88.0/24 (default router address 192.168.88.1).
But now, I want to prevent access from 192.168.1.0/24 to 192.168.88.0/24. The internet should be accessible from both networks.
Please, could you help me what and how should be the firewall/NAT set up to meet the idea above?
Thank you in advance…
Check in IP Firewall and see what filters (if any) you have in the forward chain. If there are no filters then the router is by default routing all known paths.
If you want this unit to act as a firewall then in very basic terms you want to allow:
NEW connections from the LAN interfaces to the WAN interfaces
ESTABLISHED connections (from/to any)
RELATED connection (from/to any)
Drop (do not forward anything else) - this would by implication exclude NEW connections LAN <> LAN