Community discussions

MikroTik App
 
eaflores
just joined
Topic Author
Posts: 1
Joined: Sun May 02, 2021 3:28 am

How to isolate both subnets on a cascade router setup?

Sun May 02, 2021 3:50 am

I have a cascade router setup.

Setup:
Internet <> Modem <> Router A(Mikrotik) <LAN(5) - WAN > Router B(Linksys)

Router A Subnet: 192.168.1.0/24
Router B Subnet: 192.168.2.0/24

Router B has static IP of 192.168.1.227 on Router A.

Router A devices can't contact Router B devices but Router B devices can contact Router A devices which I don't want. All this I expected from the cascade setup.

I am only using default firewall rules from Quickset Home AP Dual.

Goal: Isolate Router B devices from accessing Router A devices while keeping internet connectivity on Router B devices. Basically I want both subnets totally isolated with only internet access. Is this possible?

Thank You
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How to isolate both subnets on a cascade router setup?

Mon May 03, 2021 1:52 pm

Very difficult because they are on the same subnet as all other 192.168.1 folks.
Your best bet is simply to create another subnet on Router A.
then its dirt easy via firewall rules.

add chain=forward action=accept source-address=newsubnet out-interface-list=WAN {allow router b to internet}
add chain=forward action=drop source-address=newsubnet {drop everything else from router b}

OR in one rule
add chain=forward action=drop source-address=newsubnet out-interface=!WAN {drop all traffic from router b that is not going out the WAN}
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to isolate both subnets on a cascade router setup?

Mon May 03, 2021 3:54 pm

Either construct a "routing" subnet for connection between both routers (if physical connection is a problem, simply using another IP subnet would mostly do).

Or disable NAT on Linksys and let MT do it for subnet B as well. You'll have to add static route on router A towards subnet B using router B as gateway. This way devices from subnet A will use their gateway (router A) when sending packets towards subnet B.

Better solution is the first one (different subnet for router interconnect).

Either way you'll have to add some firewall rules on router A which will block traffic between devices from both subnets ... as @anav already mentioned.

Who is online

Users browsing this forum: Google [Bot] and 45 guests