Separate 2 networks, non firewall method.

RouterOS Beginner Basics
1

/ip address print detail
address=192.168.1.245/24 network=192.168.1.0 interface=WAN
actual-interface=WAN
address=192.168.0.1/24 network=192.168.0.0 interface=LAN1
actual-interface=LAN1
address=10.100.100.1/24 network=10.100.100.0 interface=wlan1
actual-interface=wlan1

/ip route print detail
0 A S dst-address=0.0.0.0/0 gateway=192.168.1.1
gateway-status=192.168.1.1 reachable via WAN distance=1 scope=30
target-scope=10
1 ADC dst-address=10.100.100.0/24 pref-src=10.100.100.1 gateway=wlan1
gateway-status=wlan1 reachable distance=0 scope=10
2 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=LAN1
gateway-status=LAN1 reachable distance=0 scope=10
3 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.245 gateway=WAN
gateway-status=WAN reachable distance=0 scope=10


I have to know, which methods of network separating supported by mikrotik.
The first method what i known is Firewall rules. Is it the only one method?

1 network on wlan interface
2 network on lan interface
I need to separate it.

2

It’s the router, routing is its default task. There is only firewall way to do separation:

ip firewall filter add chain=forward in-interface=LAN1 out-interface=wlan1 action=drop 
ip firewall filter add chain=forward in-interface=wlan1 out-interface=LAN1 action=drop
3

The term “firewall” is somewhat vague even though it is widely used. In the case of RouterOS any alteration of the forwarding table is carried out in /IP Firewall even although such rules might be used to produce non-firewall behaviour.

Please indicate what you actually want to achieve - that will make it easier to identify suitable suggestions.

4

Hi Forum,

I have the the nearly same situation with two separte LAN.

LAN A should have access to LAN B.
LAN B should not have access to LAN A

My interfaces are eth3 and bridge1 and so I tried:

ip firewall filter add chain=forward in-interface=bridge1 out-interface=eth3 action=drop

(this has done nothing, according to the traffic monitor in Winbox and I still have access on both sides)

ip firewall filter add chain=forward in-interface=eth3 out-interface=bridge action=drop
(this stopped the access on both sides)

If anyone could help, I would be grateful.