hello i am beginner, i have 2 IP DHCP and i want to make Isolation,
IP1=10.10.1.1/16
IP2=192.168.20.20/24
and how to make user1 10.10.1.15 can’t go user2 192.168.20.14
You should use filters in the forward chain of IP Firewall to control traffic between subnets.
Add 2 rules in IP > Firewall > Filters
i) chain= forward source-address = 10.10.1.0/16 dst-address=192.168.20.0/24 action=drop
ii) chain= forward source-address = 192.168.20.0/24 dst-address=10.10.1.0/16 action=drop
That should do it.
that block both side
i want to block one side
user1 10.10.0.0/16 can not come in to user2 192.168.20.0/24
and
user2 192.168.20.0/24 can come in user1 user1 10.10.0.0/16
i try only thet chain= forward source-address = 10.10.1.0/16 dst-address=192.168.20.0/24 action=drop but don’t work :S
please help
that block both side
i want to block one side
user1 10.10.0.0/16 can not come in to user2 192.168.20.0/24
and
user2 192.168.20.0/24 can come in user1 user1 10.10.0.0/16
i try only thet chain= forward source-address = 10.10.1.0/16 dst-address=192.168.20.0/24 action=drop but don’t work :S
please help
No, that won’t work.. that won’t be that easy (or might not be possible at all) .. And I can’t think of a way doing this at the moment.
I think it can be done.
Allow 192.168.20.0/24 to 10.10.0.0/16 and only allow only established and related traffic the opposite direction
add chain=forward src-address=192.168.20.0/24 dst-address=10.10.0.0/16 action=allow
add chain=forward src-address=10.10.0.0/16 dst-address=192.168.20.0/24 connection-state=established action=allow
add chain=forward src-address=10.10.0.0/16 dst-address=192.168.20.0/24 connection-state=related action=allow
add chain=forward src-address=10.10.0.0/16 dst-address=192.168.20.0/24 action=drop