Community discussions

MikroTik App
 
bikash
just joined
Topic Author
Posts: 24
Joined: Tue Nov 02, 2010 5:44 am

arp block

Tue Apr 19, 2011 12:58 pm

how to block arp packet in local lan from Mikrotik or with out Mikrorik????????
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: arp block

Tue Apr 19, 2011 1:18 pm

You can block arp packets in bridge firewall.
 
akmjahangir
newbie
Posts: 48
Joined: Sun Aug 10, 2008 8:27 pm
Location: Dhaka, Bangladesh
Contact:

Re: arp block

Tue Apr 19, 2011 1:27 pm

1. Bridge > Add > ok, port > + select ether1 > ok. again + select ether2 ok.
2. now connect your router LAN port with Mikrotik ether1 and another cable from ether2 to your LAN switch.
3. IP > firewall > + chain = forward > src-address = your client IP > advance > src MAC address = ! your client mac > action=drop.

if not working call me.
 
pooyan5
just joined
Posts: 4
Joined: Thu Jan 17, 2013 2:58 pm
Location: Caracas

Re: arp block

Thu Jan 17, 2013 9:48 pm

1. Bridge > Add > ok, port > + select ether1 > ok. again + select ether2 ok.
2. now connect your router LAN port with Mikrotik ether1 and another cable from ether2 to your LAN switch.
3. IP > firewall > + chain = forward > src-address = your client IP > advance > src MAC address = ! your client mac > action=drop.

if not working call me.
Hi, I have same issue, I has follow your solution, but I have few question:

1-I have 150 client
2-All of my client mac address passed from my router to isp router

please tell me how can i do drop my ARP traffic from internal to external, i want to use just my external MAC address for internet packets.

Thanks in advance
Pooyab
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: arp block

Tue Oct 06, 2020 9:26 pm

Same.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: arp block

Tue Oct 06, 2020 10:01 pm

i want to use just my external MAC address for internet packets.
Do you want to use different IP addresses, but all the same MAC address ???
- same MAC, same or some WAN IP : use Src-NAT or masquerade in the firewall (the NAT rule is in the default firewall already for interfaces in the WAN interface list)
- same MAC to internet, different LAN IP addresses: this is like the "wifi repeater pseudo bridge". The "NAT rules in the bridge" can change (scr-nat) MAC addresses. But the way back will need the real MAC address restored.

Blocking ARP. It's protocol x806 (IPv4 is x800). The bridge Firewall (not the IP firewall) has possibilities. https://wiki.mikrotik.com/wiki/Manual:I ... e_Firewall
 
neutronlaser
Member
Member
Posts: 445
Joined: Thu Jan 18, 2018 5:18 pm

Re: arp block

Wed Oct 07, 2020 1:37 am

Ah x800 that gives me something to try, thank you.

What I want to do is block a public wifi user from seeing all the other devices connected. Not to be confused with being able to communicate with them. I've seen public wifi networks that don't let you even list the other devices in apps like Wifi Man and Fing.

Who is online

Users browsing this forum: No registered users and 15 guests