Dear all,
I have reset the configuration on an RB750GL and configured everything manually to make 2 separate networks (excluding the WAN port).
My scenario: ether1=WAN, ether2=LAN1, ether3=LAN2; each port is independent, no master and slave. I want to make LAN1 & LAN2 unable to communicate with each other but able to access the internet. (LAN1 # LAN2; LAN1 <=> WAN; LAN2 <=> WAN)
Network: WAN=10.10.10.0/24, LAN1=192.168.1.0/24, LAN2=192.168.2.0/24
I don’t want MKT to dynamically route LAN1 and LAN2 together. Is it possible to do this?
Thanks.
I use something like this to keep my networks from talking to one another. They are only allowed out the WAN port.
ip firewall filter
add action=drop chain=forward in-interface=ether2 out-interface=!ether1
add action=drop chain=forward in-interface=ether3 out-interface=!ether1
Some versions ago, such rules failed if the ether1 port in your example was down, and they would not drop anything.
Never checked it again, but I haven’t seen a fix announced in the changelogs.
Something like this would be the workaround:
ip firewall filter
add action=accept chain=forward in-interface=ether2 out-interface=ether1
add action=accept chain=forward in-interface=ether3 out-interface=ether1
add action=drop chain=forward in-interface=ether2
add action=drop chain=forward in-interface=ether3
Thanks so much, guys.
I have tested both of your commands and they work both ways; on my RouterOS v.6.27 I did not notice any problem.
Thanks for the help.
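Added example, not part of the original thread: a small Python first-match evaluator that parses the two rule sets posted above and compares what each does for every interface pair. It is a simplified model that assumes only action, in-interface and out-interface matter and that a packet matching no rule is accepted; the function and variable names are hypothetical.

```python
# Added example: first-match evaluation of the thread's forward-chain rules.
# Simplified model (assumption): only action, in-interface and out-interface
# are considered, and a packet matching no rule is accepted.
NEGATED = """\
add action=drop chain=forward in-interface=ether2 out-interface=!ether1
add action=drop chain=forward in-interface=ether3 out-interface=!ether1
"""
EXPLICIT = """\
add action=accept chain=forward in-interface=ether2 out-interface=ether1
add action=accept chain=forward in-interface=ether3 out-interface=ether1
add action=drop chain=forward in-interface=ether2
add action=drop chain=forward in-interface=ether3
"""
PORTS = ("ether1", "ether2", "ether3")  # WAN, LAN1, LAN2 as in the question


def parse(text):
    """Turn 'add key=value ...' lines into a list of dicts."""
    rules = []
    for line in text.splitlines():
        words = line.split()
        if words and words[0] == "add":
            rules.append(dict(w.split("=", 1) for w in words[1:]))
    return rules


def matches(pattern, iface):
    """An absent matcher matches anything; a leading '!' negates."""
    if pattern is None:
        return True
    if pattern.startswith("!"):
        return iface != pattern[1:]
    return iface == pattern


def verdict(rules, in_if, out_if):
    """Return the action of the first matching rule, else accept."""
    for r in rules:
        if matches(r.get("in-interface"), in_if) and matches(r.get("out-interface"), out_if):
            return r["action"]
    return "accept"


def matrix(text):
    """Map every (in, out) pair of distinct ports to accept or drop."""
    rules = parse(text)
    return {(i, o): verdict(rules, i, o) for i in PORTS for o in PORTS if i != o}
```

In this model both rule sets give the same matrix: LAN1 and LAN2 are dropped in both directions, each LAN reaches ether1, and traffic entering on ether1 toward either LAN matches no rule in either set, so it is accepted.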