zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Setting Up small home network with MikroTik hEX RB750Gr3

Tue Jun 08, 2021 12:36 pm

Hello. I am currently in need of help setting up my home network.
First of all, I have basic knowledge of networking and I'm finding it kind of difficult familiarizing myself with RouterOS. My building consists of 3 houses and one main internet connection. Basically, my previous setup was just the ISP's modem/router/AP handling 5 PCs, 6 phones, smart TVs, etc. And I had a number of problems with either WiFi or the router needing to be restarted or ping spikes while gaming, the usual problems. Since my building is being renovated, I had the chance to basically wire all 3 homes to my closet and build a small network rack with a patch panel, a 16-port switch, a MikroTik RB750Gr3 and also another 8-port PoE switch for my cameras. Below I designed a diagram to help you understand my setup.

So basically everything is set up and wired; all that's left is for my MikroTik to be set up properly.
I have established a PPPoE client on my MT from my ISP's router on ether1/WAN. I created NAT for PPPoE to allow internet. I created a new IP address 192.168.2.0/24. I bridged ether2-5 on bridge1.
I gave the 192.168.2.0 to bridge1 and created a DHCP server on bridge1 to hand out IPs from 192.168.2.15-192.168.2.254. Everything kind of works, but I need a more advanced config because I want to isolate my IoT devices such as smart switches, smart bulbs, etc. and also use that network for my CCTV system. I think the best way to do that is to create a VLAN on ether3, but although I researched a lot I kind of fell short. So I would like to ask: how can I create a VLAN on ether3 that I can administer from my main computer and maybe control the devices without changing WiFi, but so that those devices can't access my main network? Is that possible? Basically I want to access devices on vlan300 but I don't want the devices to access my main network. I also have many more questions but I kind of want to solve this matter so everything is set up properly.
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Jun 08, 2021 5:38 pm

Best bet is to read this article.
viewtopic.php?f=23&t=143620
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
k6ccc
Forum Veteran
Posts: 720
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Tue Jun 08, 2021 6:31 pm

What you want to do is really quite straightforward for VLAN use. The link that anav posted is a good start. I am doing a similar concept (more stuff and more VLANs however) at my house with the same RB750Gr3 router. Can I assume that all your WiFi APs are UBNT? Are they VLAN aware? I am a strong supporter of isolating the IoT devices so they are outside of your primary LAN. Don't entirely trust honorable Chinese camera (or other devices). Curious what your "Wired repeater and Wifi" device is at the two remote locations?
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission

Warning: I know enough to be dangerous...

Jim
 
rextended
Forum Guru
Posts: 4874
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Tue Jun 08, 2021 6:48 pm

put home 2 and home 3 on ether 4 & 5,
do not worry about vlan, we do not know if the switches are managed or not.

ether1 <- ISP
ether2 -> IoT -> 8 port PoE switch -> all IoT devices, powered by PoE or not
ether3 -> home 1 -> 16 port switch
ether4 -> home 2
ether5 -> home 3

do not use any form of bridge

DHCP of things -> ether2
DHCP house 1 -> ether3
DHCP house 2 -> ether4
DHCP house 3 -> ether5

on firewall add:
drop ether4->non wan
drop ether5->non wan

done about LOCAL security

IoT and house 1 are not on same broadcast domain but you still reach IoT devices
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Jun 08, 2021 10:55 pm

Agree for simplicity: if you don't need two subnets going over the same port, on any port, then one doesn't really need VLANs or bridges.
However it is good practice if you think you will eventually need multiple LANs over a single port.
With a smart access point and a smart switch, guaranteed this is the case.
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Wed Jun 09, 2021 11:23 am

So the AP AC Lite I'm using is VLAN aware. Today I have time, going to read through the topic anav posted. Those 2 repeaters are some Xiaomi routers I had lying around, and I have configured them to function basically as a switch and APs.
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Wed Jun 09, 2021 11:24 am

Very interesting approach, and it seems a lot simpler. I will give it a try; the switches are unmanaged. I would like, though, to assign the IoTs different subnets so I can distinguish them in Winbox, so I know all 10.0.0.0 are IoTs and guests and 192.168.2.0 are safe devices.
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Wed Jun 09, 2021 8:03 pm

So for now I have this. I did not use VLANs. Basically I want 2 separated networks, Main and IoT. I want all 3 houses to communicate with each other, mainly because of my FreeNAS/Plex, so I created a bridge for ether2-3 called MainBridge with IP 192.168.2.1/24 and an IoT bridge on ether4-5 with 10.0.0.1/24. Both have appropriate DHCP servers.
So to test I connected 2 laptops, one on ether2 and the other on ether5. Laptop 1 got 192.168.2.254 and the other 10.0.0.254. All good. BUT they could ping each other, meaning the networks were communicating. So I added a firewall rule as you said, so MainBridge drops any connection attempts from IotBridge but not vice versa. So I can ping laptop 2 from laptop 1 but not the other way around. I think that is what I was looking for, isn't it? Am I missing something?
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Jun 09, 2021 8:23 pm

Without seeing your config..... hard to say
/export hide-sensitive file=anynameyouwish
 
JazzMaster
Frequent Visitor
Posts: 80
Joined: Wed Jan 16, 2019 7:18 pm
Location: Indiana, USA

Thu Jun 10, 2021 4:49 pm

I would really love to see your config setup. Please post it.
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Thu Jun 10, 2021 9:44 pm

Currently I'm away from home for a couple of days; I'll post as soon as I sit at my PC.
Basically I have Main Bridge (eth2-3) and IoT bridge (eth4-5). Each has its own IP address.
If I remember correctly, for the IoT bridge to only have WAN access but not LAN access I simply added 1 firewall filter:
Chain-Output Out interface IotBridge action-block
After that, laptop 2 connected to the IoT bridge could not reach the gateway nor ping laptop 1, but laptop 1 could ping laptop 2.
I'm experimenting; I don't think this is the final config by any means. RouterOS has many capabilities, but for a novice like me it's really hard to accomplish even the simple things!! Anyway, I'll post my config ASAP!
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Tue Jun 15, 2021 3:51 pm

So back home again to continue experiments. Today I connected two smart switches and it turns out I could control them no matter what WiFi I was on. So instead of output I added chain-forward, but now everything is blocked. Here is my cfg.
# jun/15/2021 15:48:31 by RouterOS 6.48.3
# software id = 9GTC-CMYL
#
# model = RB750Gr3
# serial number = CC210E0F342C
/interface pppoe-client
add add-default-route=yes allow=pap,chap dial-on-demand=yes disabled=no \
interface=ether1 name=pppoe-out1 use-peer-dns=yes user=xxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=192.168.2.1 html-directory=flash/hotspot name=hsprof1
/ip pool
add name=dhcp_pool6 ranges=192.168.2.15-192.168.2.254
add name=dhcp_pool8 ranges=10.0.0.22-10.0.0.254
add name=dhcp_pool9 ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool6 disabled=no interface=ether2 name=dhcp1
add address-pool=dhcp_pool9 disabled=no interface=ether5 name=dhcp2
/queue simple
add max-limit=3M/50M name="KATW SPITI" target=ether5
/ip neighbor discovery-settings
set discover-interface-list=all
/ip address
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=10.0.0.1/24 interface=ether5 network=10.0.0.0
/ip arp
add address=192.168.2.5 mac-address=9C:9D:7E:63:8D:E7
add address=192.168.2.8
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server lease
add address=192.168.2.2 client-id=1:70:85:c2:3b:53:ca mac-address=\
70:85:C2:3B:53:CA server=dhcp1
add address=192.168.2.3 client-id=1:6:ba:e1:31:41:eb mac-address=\
06:BA:E1:31:41:EB server=dhcp1 use-src-mac=yes
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
add address=192.168.2.0/24 dns-server=195.170.0.1,212.205.212.205 gateway=\
192.168.2.1
/ip firewall address-list
add address=192.168.2.0/24 list=support
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" disabled=yes list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" disabled=yes list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
\_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
disabled=yes list=bogons
add address=10.0.0.0 list=IOT
/ip firewall filter
add action=drop chain=forward log=yes out-interface=ether5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip firewall service-port
set ftp disabled=yes
/ip hotspot ip-binding
add address=192.168.2.10 mac-address=F4:92:BF:10:A8:9B
/ip hotspot user
add name=admin
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.2.0/24 port=800
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system script
add dont-require-permissions=no name=script1 owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="a\
dd chain=forward action=fasttrack-connection connection-state=established,\
related \\\r\
\n comment=\"fast-track for established,related\";\r\
\n add chain=forward action=accept connection-state=established,related \
\\\r\
\n comment=\"accept established,related\";\r\
\n add chain=forward action=drop connection-state=invalid\r\
\n add chain=forward action=drop connection-state=new connection-nat-stat\
e=!dstnat \\\r\
\n in-interface=ether1 comment=\"drop access to clients behind NAT form\
\_WAN\""

To remind you, I want ether5 to be reachable from ether2 but not be able to reach ether2.
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Jun 15, 2021 4:27 pm

What is the point of this.............
add name=dhcp_pool8 ranges=10.0.0.22-10.0.0.254
add name=dhcp_pool9 ranges=10.0.0.10-10.0.0.254

missing dns-server on the first address
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
add address=192.168.2.0/24 dns-server=195.170.0.1,212.205.212.205 gateway=\
192.168.2.1

Why do you have a www address entered, for what purpose?
set www address=192.168.2.0/24 port=800

You don't have any firewall rules...........really to speak of
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Tue Jun 15, 2021 5:00 pm

Many of these are leftovers from something I deleted, like the double DHCP pool or no DNS. I'm basically experimenting and trying to figure out one thing at a time. And then I'll just create a new fresh config.
Really, I thought I'd figure it out when I bought my router, but it kind of seems a more noob-friendly router would have been a better choice… Currently I don't know if I should invest more time into learning ROS or just buy something else. From your response I get everything is kind of wrong, right?

So I cleaned up a bit and added basic firewall rules:
# jun/15/2021 18:23:47 by RouterOS 6.48.3
# software id = 9GTC-CMYL
#
# model = RB750Gr3
# serial number = CC210E0F342C
/interface pppoe-client
add add-default-route=yes allow=pap,chap dial-on-demand=yes disabled=no \
interface=ether1 name=pppoe-out1 use-peer-dns=yes user=xxxx
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=192.168.2.1 html-directory=flash/hotspot name=hsprof1
/ip pool
add name=dhcp_pool6 ranges=192.168.2.15-192.168.2.254
add name=dhcp_pool9 ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp_pool6 disabled=no interface=ether2 name=dhcp1
add address-pool=dhcp_pool9 disabled=no interface=ether5 name=dhcp2
/queue simple
add max-limit=3M/50M name="KATW SPITI" target=ether5
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=10.0.0.1/24 interface=ether5 network=10.0.0.0
/ip arp
add address=192.168.2.5 mac-address=9C:9D:7E:63:8D:E7
add address=192.168.2.8
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server lease
add address=192.168.2.2 client-id=1:70:85:c2:3b:53:ca mac-address=\
70:85:C2:3B:53:CA server=dhcp1
add address=192.168.2.3 client-id=1:6:ba:e1:31:41:eb mac-address=\
06:BA:E1:31:41:EB server=dhcp1 use-src-mac=yes
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=195.170.0.1,212.205.212.205 gateway=\
10.0.0.1
add address=192.168.2.0/24 dns-server=195.170.0.1,212.205.212.205 gateway=\
192.168.2.1
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
list=Bogons
/ip firewall filter
add action=drop chain=forward out-interface=ether5
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
/ip firewall service-port
set ftp disabled=yes
/ip hotspot ip-binding
add address=192.168.2.10 mac-address=F4:92:BF:10:A8:9B
/ip hotspot user
add name=admin
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=800
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Athens
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Jun 15, 2021 6:50 pm

It's all fixable without much fuss.........
I started with a hEX router, now have two, one is a backup and the other is a switch.
Quite capable devices for up to 800 up and down service
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Tue Jun 15, 2021 7:53 pm

So maybe you can advise me on a proper setup?
All I want is basic security from the internet.
ether1 is PPPoE ISP
ether2 main network
ether5 guest/IoT network
I want ether5 to be isolated, kind of, but I want to have access to it from the main network.
That's all. If you can post the correct firewall rules I'll be grateful.
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Tue Jun 15, 2021 7:54 pm

under the wx today, maybe tomorrow :-(
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Tue Jun 15, 2021 8:07 pm

Sure, whenever you can.
 
mkx
Forum Guru
Posts: 6230
Joined: Thu Mar 03, 2016 10:23 pm

Tue Jun 15, 2021 8:22 pm

@zeedoxx: what I'd do is the following:
  1. reset to default config
  2. use quickset to configure WAN ... PPPoE
  3. go into "normal" GUI and never ever go back to quickset unless you repeat config from step #1
  4. remove ether5 from bridge
  5. add IP address to ether5. Configure additional address pool and DHCP server on ether5
  6. add a firewall filter rule which blocks connections originating from ether5 and targeting LAN:
    filter add chain=forward action=drop comment="block connections from IoT/guest to LAN" connection-state=new in-interface=ether5 out-interface-list=LAN
    
    Move it to penultimate place in chain=forward which should be just below this rule:
    filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
    

When executing step #4 be sure you connect via interface other than ether5.
BR,
Metod
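
Added example, not part of mkx's post or of any poster's configuration: a toy first-match model of the forward chain in Python. It shows why the 15 June export, with its drop on out-interface=ether5 at the top, blocks everything, while the rule from step 6 placed below the established/related accept gives one-way isolation. Assumptions: the LAN list contains bridge and the WAN list pppoe-out1, only interface and connection-state matchers are modelled, and a packet that matches no rule is accepted.

```python
"""Toy first-match model of a RouterOS forward chain (added illustration)."""

LAN = {"bridge"}        # assumed members of the LAN interface list
WAN = {"pppoe-out1"}    # assumed members of the WAN interface list


def rule(action, states=None, in_if=None, out_if=None):
    """A filter rule; a matcher left as None matches anything."""
    return {"action": action, "states": states, "in": in_if, "out": out_if}


def verdict(chain, state, in_if, out_if):
    """Return the action of the first matching rule; no match means accept."""
    for r in chain:
        if r["states"] is not None and state not in r["states"]:
            continue
        if r["in"] is not None and in_if not in r["in"]:
            continue
        if r["out"] is not None and out_if not in r["out"]:
            continue
        return r["action"]
    return "accept"


def connection_works(chain, src_if, dst_if):
    """A flow works only if the opening packet and its reply are both forwarded."""
    opening = verdict(chain, "new", src_if, dst_if)
    reply = verdict(chain, "established", dst_if, src_if)
    return opening == "accept" and reply == "accept"


def reachability(chain, main_if):
    """Summarise the three flows the thread cares about."""
    return {
        "main->iot": connection_works(chain, main_if, "ether5"),
        "iot->main": connection_works(chain, "ether5", main_if),
        "iot->internet": connection_works(chain, "ether5", "pppoe-out1"),
    }


# Forward chain as in the 15 June export: an unconditional drop on everything
# leaving ether5 sits above the established/related accept.
POSTED_CHAIN = [
    rule("drop", out_if={"ether5"}),
    rule("accept", states={"established", "related"}),
    rule("drop", states={"invalid"}),
]

# Default-style chain plus the step 6 rule, placed just below "drop invalid".
SUGGESTED_CHAIN = [
    rule("accept", states={"established", "related"}),
    rule("drop", states={"invalid"}),
    rule("drop", states={"new"}, in_if={"ether5"}, out_if=LAN),
    rule("drop", states={"new"}, in_if=WAN),  # stands in for "drop all from WAN not DSTNATed"
]

# Same intent as step 6, but without connection-state=new and placed first:
# it also drops the replies to connections opened from the main network.
STATELESS_FIRST = [rule("drop", in_if={"ether5"}, out_if=LAN)] + SUGGESTED_CHAIN[:2]

if __name__ == "__main__":
    print("posted   ", reachability(POSTED_CHAIN, "ether2"))
    print("suggested", reachability(SUGGESTED_CHAIN, "bridge"))
    print("stateless", reachability(STATELESS_FIRST, "bridge"))
```

In the posted chain the replies coming back to ether5 hit the first rule before the established/related accept is ever consulted, which is why even internet access from the IoT side fails.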
 
anav
Forum Guru
Posts: 7884
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Wed Jun 16, 2021 12:21 am

That's it in a nutshell, LOL.
 
zeedoxx
just joined
Topic Author
Posts: 10
Joined: Tue Jun 08, 2021 10:22 am

Thu Jun 24, 2021 11:17 pm

Hello again. I followed what mkx said and everything works fine. Been testing for the last 5 days and I think it's all good. Thanks a lot, it was after all quite simple, hah.
Here is a pic of my cute little setup with my mini rack and my old desktop running Proxmox for (Home Assistant, TrueNAS, UniFi), soon to add CCTV NVR etc.