I am setting up a new network with new two subnets on two vlans, vlan400 10.0.0.0/24 and vlan251 10.249.251.0/24. What I would like to be able to work on Vlan251 and see all my routers and servers on vlan400. but i dont want anything on Vlan400 to see anything on vlan251.. Im sorry I have searched high and low for how to do this. I can get it to block all the traffic or just the gateway.
Thanks for any help that can be given
Johnson NETwork
If by “see all my routers and servers” you mean SMB browsing in Windows, that’s impossible unless you’re using WINS or AD, as NetBIOS is broadcast.
That said, the below allows 10.249.151.0/24 to establish connections to 10.0.0.0/24, but not vice versa. You didn’t find it because it’s basic firewall configuration covered in the “IP firewall filter” wiki manual, though not explicitly.
/ip firewall filter
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward src-address=10.249.151.0/24 dst-address=10.0.0.0/24 action=accept
add chain=forward action=drop
Note that the snippet will only permit that specific traffic, and drop everything else - so it probably has to be adjusted to whatever other firewall needs you have.
Thank you fewi! I will read over the Wiki slower. sorry for such beginner question.