Community discussions

MikroTik App
 
User avatar
ViREnG
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Tue Aug 11, 2009 4:01 pm
Location: Yekaterinburg

How to Block UnknownUsers Using Free PtP Links via MyDevices

Thu Aug 18, 2011 5:37 pm

Hello My Friends

Anyone Can Easily Create a Virtual Network With He's Friend via My Wireless Devices :?
Example : Connect to One of My AP , Set an a Static IP (like 192.168.20.1) and Set 2nd Comouter IP 192.168.20.2 (on 5KM Away)
Please See The Attached Image
You do not have the required permissions to view the files attached to this post.
 
ManUtd
newbie
Posts: 30
Joined: Sun Sep 16, 2007 10:24 pm

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Fri Aug 19, 2011 12:55 am

Turn off default forward on APs.
 
User avatar
ViREnG
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Tue Aug 11, 2009 4:01 pm
Location: Yekaterinburg

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Sun Aug 21, 2011 9:53 am

i Disable the "Default Forward" on Each Wireless Interface , but Still Problem .
i was Test it after Disabling the Default Forward , if i Set IP Addresses on Their Eth's Like 192.168.50.30 & 192.168.50.65
192.168.50.30 Can Ping 192.168.50.65 :?
What do i Do ?
 
User avatar
mahnet
Long time Member
Long time Member
Posts: 654
Joined: Tue Jul 07, 2009 9:11 pm

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Sun Aug 21, 2011 10:21 am

try copying a file from one location to another location.
Does it work???
Coz even i thought default forwards should stop this. Although i never tried actually.
I also have forwarding tick removed from the access list for each client
 
User avatar
ViREnG
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Tue Aug 11, 2009 4:01 pm
Location: Yekaterinburg

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Sun Aug 21, 2011 11:19 am

try copying a file from one location to another location.
Does it work???
Coz even i thought default forwards should stop this. Although i never tried actually.
I also have forwarding tick removed from the access list for each client
Default Forward Disabling Just Disable The File Sharing ?
Anyone Can Use FTP , Remote , Gaming or Other ... !!
Any Idea how to Block communication Between Clients and Client Isolation ?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Sun Aug 21, 2011 9:30 pm

When in doubt consult the publicly available manual:
http://wiki.mikrotik.com/wiki/Manual:Interface/Wireless
forwarding (yes | no; Default: yes) .
no - Client cannot send frames to other station that are connected to same access point.
yes - Client can send frames to other stations on the same access point.
Turning off default forwarding means clients cannot send frames to other stations connected to the same access point via the radio interface of the AP.
They may potentially still send frames to stations on OTHER access points as that traffic doesn't hairpin out the same radio interfaces, but is bridged or routed as all other traffic. You'd block that via the normal firewall.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
User avatar
ViREnG
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Tue Aug 11, 2009 4:01 pm
Location: Yekaterinburg

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Tue Aug 23, 2011 10:18 pm

They may potentially still send frames to stations on OTHER access points as that traffic doesn't hairpin out the same radio interfaces, but is bridged or routed as all other traffic. You'd block that via the normal firewall.
How can i Block it ? Can Write Firewall rule Here ? :?
 
User avatar
skillful
Trainer
Trainer
Posts: 557
Joined: Wed Sep 06, 2006 1:42 pm
Location: Abuja, Nigeria
Contact:

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Tue Aug 23, 2011 11:06 pm

After disabling default forwarding, add a firewall rule to stop a packets from exiting on the same interface it came from.
/ip firewall filter
add action=drop chain=forward disabled=no in-interface=wlan1 out-interface=wlan1
If your are bridging, you also need to enable firewall for bridged interfaces
/interface bridge settings
set use-ip-firewall=yes
 
User avatar
ViREnG
Member Candidate
Member Candidate
Topic Author
Posts: 220
Joined: Tue Aug 11, 2009 4:01 pm
Location: Yekaterinburg

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Wed Aug 24, 2011 12:17 pm

If your are bridging, you also need to enable firewall for bridged interfaces
/interface bridge settings
set use-ip-firewall=yes
i Set The "use-ip-Firewall to YES" on RouterBoard Bridge , but Still the Problem .
i Test it , 192.168.20.63 can Ping or Connect to 192.168.20.70 (<-- This is an Example IP Address)
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: How to Block UnknownUsers Using Free PtP Links via MyDev

Wed Aug 24, 2011 12:31 pm

Are those two IP addresses connected to DIFFERENT APs? If yes, write firewall filters in the 'forward' chain to drop traffic between customer IP addresses after permitting traffic between customer IPs and their gateway. If no, you've been making mistakes implementing what you've been told in this thread, and should post your configuration.

"It doesn't work" is NOT a sufficient answer. Show WHAT doesn't work, how you're testing, what you're expecting, and what you're getting instead. People can't just randomly guess at what you're doing, not giving enough details wastes everyone's time, including yours.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], Sob, tovi and 59 guests