Community discussions

 
icko81
just joined
Topic Author
Posts: 15
Joined: Sat Jan 13, 2018 8:30 pm

Control communication between same local ip address

Wed Jan 24, 2018 11:41 pm

hi guys

I was always interested how i can stop or prevent some local ip address in same subnet to talk each other i know about BRIDGE level IP FIREWALL but i dont have knowledge how to setup

Example i want user with local IP 192.168.178.103 address not talk to server with address 192.168.178.99 some server on mine network ,but all of them have access on internet via NAT,

I can stop two different subnets using forward rules in firewall but not same subnet ,


thanks for help
Last edited by icko81 on Tue Jan 30, 2018 1:09 am, edited 1 time in total.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1790
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Conrol communication between same local ip address

Thu Jan 25, 2018 12:36 pm

Hi

The solution would depend on your hardware.

If these two are connected using unmanaged switch, then you can't limit the communication as-is. You would need to isolate server in a separate subnet and filter based on ip.
If these two are connected using managed switch (or switched in MT itself), you could block all packets with src-mac = mac of server from being forwarded to dst-mac = client.

But, easiest would be to separate the subnet, and control on ip: ex home subnet (unlimited) & guest subnet (only internet)
 
icko81
just joined
Topic Author
Posts: 15
Joined: Sat Jan 13, 2018 8:30 pm

Re: Conrol communication between same local ip address

Thu Jan 25, 2018 1:30 pm

Hi

The solution would depend on your hardware.

If these two are connected using unmanaged switch, then you can't limit the communication as-is. You would need to isolate server in a separate subnet and filter based on ip.
If these two are connected using managed switch (or switched in MT itself), you could block all packets with src-mac = mac of server from being forwarded to dst-mac = client.

But, easiest would be to separate the subnet, and control on ip: ex home subnet (unlimited) & guest subnet (only internet)

Thanks Sebastian,

Since i have the Mikrotik bridge model CRS 112 as well i will managed directly or will try with subnet,

mine other router is hookup with this ip that i want to isolate or prevent talk to some server on mine mine network ,

Regards
Igor
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Conrol communication between same local ip address

Thu Jan 25, 2018 1:56 pm

Who is online

Users browsing this forum: No registered users and 22 guests