Hello everyone, I tried to block connections between 2 subnets by the forward + drop in the firewall screen and also terminal screen but I can still ipconfig to the other subnet. I checked myself here and in other places to ensure that I didn’t make any mistake. Please help me!
What do you mean by “ipconfig to the other subnet”?
Maybe draw us a picture and share some more detailed information about your configuration(s)
I have 2 subnets: 10.20.0.0 & 10.0.0.0.
Firewall rules:
/ip firewall filter add chain=forward action=drop src-address=10.20.0.0/24 dst-address=10.0.0.0/24
/ip firewall filter add chain=forward action=drop src-address=10.0.0.0/24 dst-address=10.20.0.0/24
To check if I succeeded, in the command line of a 10.0.0.0 subnet computer I typed “ipconfig 10.20.0.254”. I got a connection - meaning that I can connect to the other subnet.
You probably mean you type ping!
And what device is holding the IP 10.20.0.254?
If it is the router (interface connected to the 10.20.0.0/24 subnet) it makes sense, because connections to the router itself are handled in the input chain.
Rudios - you are right. I typed ping and not ipconfig. And yes, 10.20.0.254 is the router’s address of 10.20.0.0/24 subnet.
How can I check that the separation between the 2 subnets works? Pinging the static addresses inside the other subnet?
In order to know your firewall rules are blocking the traffic in the right way,
Just ping from a PC in one subnet to a connected client on the other subnet (not the router itself).
Thanks a lot. It worked.
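
Added example, not part of the thread: a simplified Python model of the chain selection discussed above, showing why the ping to 10.20.0.254 bypassed the forward-chain drop rules while a ping to a host behind the router does not. The router's second address (10.0.0.254) and the host addresses 10.0.0.5 and 10.20.0.10 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses the router itself owns. 10.20.0.254 is from the thread;
# 10.0.0.254 is an assumed address for the router's other interface.
ROUTER_ADDRESSES = {ip_address("10.20.0.254"), ip_address("10.0.0.254")}

# The two drop rules from the thread, as (chain, src, dst, action).
RULES = [
    ("forward", ip_network("10.20.0.0/24"), ip_network("10.0.0.0/24"), "drop"),
    ("forward", ip_network("10.0.0.0/24"), ip_network("10.20.0.0/24"), "drop"),
]


def chain_for(dst):
    """Packets addressed to the router go to input; routed packets go to forward."""
    return "input" if ip_address(dst) in ROUTER_ADDRESSES else "forward"


def verdict(src, dst, rules=RULES):
    """Return (chain, action): first matching rule in the packet's chain, else accept."""
    chain = chain_for(dst)
    s, d = ip_address(src), ip_address(dst)
    for rule_chain, rule_src, rule_dst, action in rules:
        if rule_chain == chain and s in rule_src and d in rule_dst:
            return chain, action
    return chain, "accept"  # no rule matched in this chain


if __name__ == "__main__":
    # Constructed test packets: one to the router, two across the subnets.
    samples = [
        ("10.0.0.5", "10.20.0.254"),
        ("10.0.0.5", "10.20.0.10"),
        ("10.20.0.10", "10.0.0.5"),
    ]
    for src, dst in samples:
        print(f"{src} -> {dst}: {verdict(src, dst)}")
```

The model ignores the output chain and connection state; it only illustrates that forward-chain rules never see traffic whose destination is one of the router's own addresses.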