Community discussions

MikroTik App
 
TrisT
just joined
Topic Author
Posts: 6
Joined: Sat Nov 28, 2015 10:44 pm

Block Internet Access to ip but keep internal access to network.

Mon Oct 10, 2016 12:12 am

Hi.

My mikrotik is being given internet through the wlan interface as a client. My hotspot is providing it, it is connected through USB to my main rig,the mikrotik router is connected through ethernet so I can access my server, other pcs, printers, etc, that are inside the network.
But windows is a bitch and keeps using the ethernet(mikrotik router) connection as a primary randomly, or some software specifically does it? I'm not sure, but I need it to stop, and doing it on the windows side is just not reliable.
I need to block internet connection to my main rig, so it's forced to use the fastest one provided by USB, now how would I do that without blocking it access to the network so I can still communicate with the devices that are also in it?
Also it can't have anything to do with the interface itself because I've got a VM running as well that can't be restricted internet access, since it's only got the ethernet interface.

Thank you.
 
User avatar
Zetle
just joined
Posts: 11
Joined: Tue Aug 30, 2016 1:41 pm

Re: Block Internet Access to ip but keep internal access to network.

Mon Oct 10, 2016 9:30 am

If I understand You correctly, this should do the thing:
[admin@MikroTik] > ip firewall filter add chain=forward src-address=X.X.X.X action=drop
(where X.X.X.X is the IP of your PC) This rule will block ALL the traffic which destination is throughout the router.
But I'm not sure if Windows will switch to the wireless network when it is connected to the LAN anyway.

Another possible solution on the client side is to change metric on the connections, see Here
 
mag2020
Trainer
Trainer
Posts: 79
Joined: Sat Nov 30, 2013 8:49 am

Re: Block Internet Access to ip but keep internal access to network.

Mon Oct 10, 2016 11:24 am

I am not sure exactly what your description of problem is, but in situations where you need some devices with certain IPs to only access certain networks at some points, a combination of policy routing and some firewall rules will do the magic.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Block Internet Access to ip but keep internal access to network.

Mon Oct 10, 2016 6:50 pm

Two ways:
1) specify a static IP address on the ethernet interface but don't specify a default gateway

2) set the priority on the USB connection to a higher one than the ethernet connection
When given a spoon,
you should not cling to your fork.
The soup will get cold.

Who is online

Users browsing this forum: Bing [Bot], Infra3600, neutronlaser, Znevna and 57 guests