Let me explain.
I’m using an RB433 as shown in the image.
I want to be able to surf when I connect to the WiFi, but not be able to enter my network that is after the firewall.
Something like WiFi for guests; this is why I don’t want them to connect to the office network.
My question is: if I only do
/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade
Is it safe? Will it block all connections inside? Do I need to add another rule?
Thanks,

Just to ensure I understand… eth1 is the gateway to the internet and eth2 is your localnet?
Yes
Ether2 is LAN(Firewall)
ETH1 is WAN (modem)
Wlan1(WiFi)
You must use the firewall filter to block that. I presume the network is 10.0.0.x/24.
/ip firewall filter
add chain=forward action=drop src-address=10.0.0.0/24 dst-address=152.174.x.x/29
The network of the WiFi?
Yes, it is 10.0.0.x/24.
Also, another question that just popped up:
My office network is also 10.0.0.x - it does need to interfere with it, right?
Then that rule will block what you want. Ensure there are no forward rules above that rule that may allow access to that network. If in doubt, move that rule above any other forward chain rules.
If your 10.0.0.0/24 office network is behind a NAT on another router, it won’t interfere.
O.K. - it’s working.
Thank you very much!
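The rule-ordering advice in the thread (keep the drop above any forward rule that could allow the same traffic) can be checked offline. The following is an added example, not code from the thread or from MikroTik: a simplified first-match model that looks only at `src-address` and `dst-address`, with constructed rule sets and `192.0.2.0/29` as a placeholder for the office network, which the thread gives only as `152.174.x.x/29`.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def load(text):
    """Parse 'add chain=forward action=... [src-address=] [dst-address=]' lines."""
    rules = []
    for line in text.strip().splitlines():
        f = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if f.get("chain") == "forward":
            rules.append(Rule(f["action"],
                              ipaddress.ip_network(f.get("src-address", "0.0.0.0/0")),
                              ipaddress.ip_network(f.get("dst-address", "0.0.0.0/0"))))
    return rules

def first_match(rules, src, dst):
    """(index, action) of the first matching rule; unmatched traffic is accepted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if s in r.src and d in r.dst:
            return i, r.action
    return None, "accept"

def shadowing_accepts(rules, guest, office):
    """Indexes of accept rules above the guest->office drop that overlap it."""
    guest, office = ipaddress.ip_network(guest), ipaddress.ip_network(office)
    hits = []
    for i, r in enumerate(rules):
        if r.action == "drop" and guest.subnet_of(r.src) and office.subnet_of(r.dst):
            return hits  # reached the drop that covers all guest->office traffic
        if r.action == "accept" and r.src.overlaps(guest) and r.dst.overlaps(office):
            hits.append(i)
    raise ValueError("no drop rule covers guest -> office traffic")

# Constructed rule sets; 192.0.2.0/29 is a placeholder office network.
BAD = """
add chain=forward action=accept src-address=10.0.0.0/24
add chain=forward action=drop src-address=10.0.0.0/24 dst-address=192.0.2.0/29
"""
GOOD = """
add chain=forward action=drop src-address=10.0.0.0/24 dst-address=192.0.2.0/29
add chain=forward action=accept src-address=10.0.0.0/24
"""

if __name__ == "__main__":
    for name, text in (("BAD", BAD), ("GOOD", GOOD)):
        rules = load(text)
        print(name, first_match(rules, "10.0.0.50", "192.0.2.2"),
              shadowing_accepts(rules, "10.0.0.0/24", "192.0.2.0/29"))
```
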