danielLink
just joined
Topic Author
Posts: 1
Joined: Fri Mar 05, 2021 5:31 pm

Inter-VLAN filtering with VPN connections

Fri Mar 05, 2021 5:44 pm

I have a MikroTik routing and filtering traffic between VLANs. My goal is that VLAN1 cannot communicate with VLAN2 (with a few exceptions).

For this I have the following rules:
/ip firewall filter
add action=accept chain=forward comment="RESTRICTED NETWORK" connection-state=established,related in-interface=VLAN1
add action=accept chain=forward dst-address=128.0.10.5 dst-port=445 in-interface=VLAN1 protocol=tcp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=445 in-interface=VLAN1 protocol=udp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=53 in-interface=VLAN1 protocol=tcp
add action=accept chain=forward dst-address=128.0.10.5 dst-port=53 in-interface=VLAN1 protocol=udp
add action=drop chain=forward in-interface=VLAN1 out-interface=VLAN2
(128.0.10.5 is a device in VLAN2)

In a normal environment this works fine, but when someone on VLAN1 connects to a VPN server (using the integrated VPN of Samsung called "Secure Wi-Fi", for example), filtering no longer works.

Any idea what I should do?
