Community discussions

MikroTik App
  4. RouterOS
  5. General

How to prevent communication between two bridges?  [SOLVED]

Post Reply
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

How to prevent communication between two bridges?

Sat Jul 14, 2018 2:49 pm

Hello all, I am puzzled currently; the configuration is as follows:
eth1 - wan
eth2-6 bridge1
eth9-10 bridge2

Each bridge has different IP and there are two DHCP servers working on each bridge. Everyone gets to internet, and DHCP works, etc. I have default Firewall rules.

What gets me is that devices from two different bridges can see each other, even if they are on different subnets. How can I prevent that? I have two different networks that use the same router and internet access, but must not see each other.
Top
 
huntah
Member Candidate
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: How to prevent communication between two bridges?

Sat Jul 14, 2018 3:12 pm

use ip firewall filter and chain forward.

Drop subnet a to subnet b and vice vera.

Or use search on forum. It has been asked and answered multiple times :)
Top
 
User avatar
ingdaka
Trainer
Trainer
Posts: 452
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania
Contact:
Contact ingdaka

Re: How to prevent communication between two bridges?  [SOLVED]

Sat Jul 14, 2018 3:19 pm

ip firewall filter add chain=forward src-address=XXX.XXX.XXX.XXX/X dst-address=YYY.YYY.YYY.YYY/Y action=drop
ip firewall filter add chain=forward src-address=YYY.YYY.YYY.YYY/Y dst-address=XXX.XXX.XXX.XXX/X action=drop

XXX.XXX.XXX.XXX/X - Bridge1 Subnet example 192.168.1.0/24
YYY.YYY.YYY.YYY/Y - Bridge2 Subnet example 192.168.2.0/24
Top
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

Re: How to prevent communication between two bridges?

Sat Jul 14, 2018 3:24 pm

Thank you guys.
Top
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

Re: How to prevent communication between two bridges?

Sat Jul 14, 2018 3:29 pm

ip firewall filter add chain=forward src-address=XXX.XXX.XXX.XXX/X dst-address=YYY.YYY.YYY.YYY/Y action=drop
ip firewall filter add chain=forward src-address=YYY.YYY.YYY.YYY/Y dst-address=XXX.XXX.XXX.XXX/X action=drop

XXX.XXX.XXX.XXX/X - Bridge1 Subnet example 192.168.1.0/24
YYY.YYY.YYY.YYY/Y - Bridge2 Subnet example 192.168.2.0/24
Maybe it is a dumb question, but is it possible to do this with in interface - out interface? Or interface lists?

Thanks
Top
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11624
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to prevent communication between two bridges?

Sat Jul 14, 2018 4:31 pm

Maybe it is a dumb question, but is it possible to do this with in interface - out interface? Or interface lists?
I'm almost certain that it is possible to do it with interfaces. My view, however, is that it is un-intuitive as you're trying to prevent L3 connectivity using L1 filtering.
Top
 
pe1chl
Forum Guru
Forum Guru
Posts: 10234
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to prevent communication between two bridges?

Sat Jul 14, 2018 4:36 pm

Maybe it is a dumb question, but is it possible to do this with in interface - out interface? Or interface lists?
Yes that is possible by using the bridge as the in- or out-interface. Lists are possible too.
It is in fact better (especially for the incoming interface) as it does not rely on the "valid" addresses on that interface
so it blocks invalid addresses as well. (packets sent with forged source address)
Top
 
User avatar
mrmut
Member Candidate
Member Candidate
Topic Author
Posts: 199
Joined: Mon May 18, 2009 2:10 pm

Re: How to prevent communication between two bridges?

Thu Jul 19, 2018 6:49 pm

Thanks!
Top
Post Reply

Who is online

Users browsing this forum: CoMMyz and 84 guests
  4. RouterOS
  5. General