If you would like to block Internet access for some PC, just drop all traffic from it heading out through the WAN interface in the forward chain. The same in the opposite direction in case you need to keep UPnP enabled.
Maybe drop all inbound traffic from its IP in the input chain too.
I would just leave the Win98 PC on the same LAN, even let it be a DHCP client, and put a rule in the forward chain:
/ip firewall filter add chain=forward action=drop in-interface=LAN src-mac-address=xx:xx:xx:xx:xx:xx
Of course you need to make sure this filter rule is placed in the chain before rules that allow new outbound connections to the Internet.
LAN. If the Win98 PC talks to the NAS, then those packets aren’t even going to go through the Mikrotik at all.
The forward chain only applies to packets that the Mikrotik is forwarding as a router. If you have a LAN bridge then traffic between different ports on the bridge isn’t being routed, so it won’t get filtered by the forwarding table.
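Added example, not part of the thread: a small Python check for the rule-ordering point above, run over the text of an `/ip firewall filter export`. The export sample, the MAC address 00:11:22:33:44:55 and the function names are constructed for illustration; the check is a conservative heuristic that flags any earlier forward-chain accept rule able to admit new connections, without evaluating that rule's other matchers, and it assumes export lines are not wrapped.

```python
import shlex

# Constructed sample export (not from the thread): the MAC drop rule sits too late.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward connection-state=new in-interface=LAN
add action=drop chain=forward in-interface=LAN src-mac-address=00:11:22:33:44:55
add action=drop chain=forward
"""

def parse_rules(export_text):
    """Return filter rules as dicts, in evaluation order (plain or terse export)."""
    rules, section = [], ""
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            # Section header, or a terse line carrying "<path> add key=value ..."
            section, _, rest = line.partition(" add ")
            line = "add " + rest if rest else ""
        if section != "/ip firewall filter" or not line.startswith("add "):
            continue
        rules.append(dict(tok.split("=", 1)
                          for tok in shlex.split(line[4:]) if "=" in tok))
    return rules

def accepts_before_drop(rules, mac):
    """Forward-chain accept rules that could admit new connections and are
    evaluated before the drop rule for `mac`. None if no such drop rule exists."""
    forward = [r for r in rules
               if r.get("chain") == "forward" and r.get("disabled") != "yes"]
    drop_at = next((i for i, r in enumerate(forward)
                    if r.get("action") == "drop"
                    and r.get("src-mac-address", "").lower() == mac.lower()), None)
    if drop_at is None:
        return None
    early = []
    for r in forward[:drop_at]:
        states = r.get("connection-state")
        # A rule limited to established/related never matches the first packet
        # of a new connection, so it is harmless ahead of the drop rule.
        lets_new = states is None or "new" in states.split(",")
        if r.get("action", "accept") == "accept" and lets_new:
            early.append(r)
    return early

if __name__ == "__main__":
    for rule in accepts_before_drop(parse_rules(SAMPLE_EXPORT), "00:11:22:33:44:55"):
        print("accept rule evaluated before the drop rule:", rule)
```

An empty list means the drop rule is reached first; `None` means there is no forward-chain drop rule for that MAC at all.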