Page 1 of 1

Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 1:08 pm
by kvan64
Hi,
I though this was working before. I have 3 wireless cards bridged for my hotspot. All wlans have default-forwarding disabled. I just realized that windows filesharing is still normal and clients can still see eachother :(

I tried to add this too but nothing changes:
/ip firewall filter
add chain=forward protocol=udp dst-port=135-139 action=drop comment="NetBIOS" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="NetBIOS" disabled=no

Any suggestion???

Re: Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 1:11 pm
by sergejs
They can see, but have you checked either they can exchange IP data ?

You have to ensure that there is 'interface bridge settings set use-ip-firewall=yes'
for firewall rules over bridge.

Re: Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 1:33 pm
by kvan64
Yes, they can exchange IP data.
Wait, I just tried this as you suggested /interface bridge settings set use-ip-firewall=yes and now the workgroups are still visible but access seems denied.
It seems working.

Many thanks!

Re: Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 1:49 pm
by normis
Default forwarding is something else. It is to disable communications between clients connected to one specific wireless card. You have a bridge, that's another story

Re: Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 2:16 pm
by sergejs
Correct, default-forwarding is used to deny communication between clients connected to the same AP.
So, you have to use either 'ip firewall filter' or 'interface bridge firewall' to deny communications in the bridge.

Re: Disable Default-forwarding --> NOT working!!!

Posted: Mon Dec 03, 2007 3:54 pm
by kvan64
It would be helpful if you could post some examples or a link to some tutorials, thanks.