Webfig access on all subnets

Hi, I am new to MikroTik, and I have a question about WebFig. If I assign an address to interface eth2, for example 10.8.8.1, and another address on a different subnet to eth3, 10.8.7.1, why is WebFig accessible on both networks (on 10.8.8.1 and 10.8.7.1)? I am running DHCP on eth2 and eth3 (of course with proper pool).

I want two things:

- eth3 only internet access, because it will be used for public internet, so it must be isolated from eth2 (admin port)
- eth3 not be able to access WebFig, or in other words, not be able to access any other router IN point (I know, I tend to confuse people :))

I already tried blocking traffic with the firewall. If I add a firewall rule:

chain=forward
In. Interface=eth3
Out. Interface=!MY_WAN_PORT
action=drop

This prevents traffic between eth3 and all other interfaces, except eth1-gateway (my WAN), which is desirable, but I can still access WebFig (10.8.7.1) when I am in the 10.8.7.0 network.

So I add another rule:
chain=input
In. Interface=eth3
action=drop

And now I can't access WebFig, but I also can't access the internet.
All my configuration is default; I am using ROS6.11 on RB2011UiAS-2HnD-IN.

Where is the problem?

P.S.: I am sorry if this problem was already addressed, but I really didn't find it.

All help is appreciated!

Anze
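
An added example, not part of the original post: a RouterOS filter sketch separating the two chains involved above. Traffic routed through the router is matched in `forward`, while traffic addressed to the router itself (WebFig on any of its IPs, and DNS if clients use the router as resolver) is matched in `input`, which is why a blanket `input` drop on the public port can also break name resolution. Assumptions not stated in the post: the interfaces are named ether1 (WAN), ether2 (admin) and ether3 (public), the subnets are /24, and clients on ether3 use the router as their DNS resolver.

```routeros
# Added example; interface names, /24 masks and the DNS setup are assumptions.
/ip firewall filter

# forward chain: packets routed THROUGH the router.
# Public clients may only leave via the WAN port (same intent as the first rule in the post).
add chain=forward in-interface=ether3 out-interface=!ether1 action=drop \
    comment="ether3: WAN only"

# input chain: packets addressed TO the router itself, on any of its addresses.
# Assumption: ether3 clients resolve names via the router, so DNS is accepted first.
add chain=input in-interface=ether3 protocol=udp dst-port=53 action=accept \
    comment="ether3: DNS to router"
add chain=input in-interface=ether3 protocol=tcp dst-port=53 action=accept \
    comment="ether3: DNS to router"

# Everything else from ether3 to the router (WebFig, WinBox, SSH, ...) is dropped.
add chain=input in-interface=ether3 action=drop \
    comment="ether3: no router services"

# Independent of the filter: restrict the WebFig service to the admin subnet.
/ip service set www address=10.8.8.0/24
```

Rules are evaluated top to bottom within a chain, so the accept rules have to sit above the final `input` drop.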