
block ip address out from router

Posted: Sat Feb 25, 2006 9:05 am
by ketut
Hello,
I want to ask a question. I have 10 PCs, with IPs from 192.168.1.2 - 192.168.1.9, router IP 192.168.1.1, netmask 255.255.255.0.
The question: how do I block IPs 192.168.1.10 - 192.168.1.254 so that they cannot connect to the internet on any protocol? I use MikroTik 2.9.2. This is so that nobody can change their IP.
I use simple queues for 192.168.1.2 - 192.168.1.9; these IPs have bandwidth limiting.

Thank you very much, I am sorry for the English.

Posted: Sat Feb 25, 2006 11:01 am
by Alex
Firewall, ARP table. For example: set ARP to reply-only on the interface with address 192.168.1.1. Add static entries for 192.168.1.2-192.168.1.9 to the ARP table. All other addresses will not work. Sorry for my English :?

Posted: Mon Feb 27, 2006 8:52 am
by macgaiver
You can simply masquerade only packets from those 10 IPs :)

But I suggest Alex's solution: use static ARP entries and set the interface mode to read-only.

Posted: Tue Feb 28, 2006 9:36 am
by ketut
Thank you very much for the answer. The answer is correct, and I used your suggestion, thank you.

Now I have one more question.
My network is 192.168.9.0/24, which I subnet into /29s.
My router is 192.168.9.1, netmask 255.255.255.248.

Client 1 gets IP: 192.168.9.8/29 (192.168.9.9 - 192.168.9.15)
Client 2 gets IP: 192.168.9.16/29 (192.168.9.17 - 192.168.9.23)

Client 1 has bandwidth 32kbps
Client 2 has bandwidth 64kbps

My question: I want each client not to use all of the IPs (e.g. client 1 can use 192.168.9.9 but cannot use 192.168.9.10 - 192.168.9.15).
The same goes for client 2.

I do this because I am afraid client 2 can use an IP from client 1, so I use that rule.

Can MikroTik 2.9.2 do that? If it can, may I get the rule or links for my problem, so I can learn it?

Thank you very much for the suggestion and rule, I am sorry for my English.

Posted: Tue Feb 28, 2006 10:25 am
by macgaiver
If you made a correct IP ARP table, it is impossible for clients to jump from one IP to another, so there are no problems.

Why do you use subnetting? Use one /28 subnet and create 1 simple queue for each client!

Posted: Tue Feb 28, 2006 11:50 am
by mag
Just an idea: would it not be better to use DHCP with static MAC entries, to do the management completely on the router?

Posted: Tue Feb 28, 2006 2:22 pm
by ketut
Thanks for the suggestion.
Could you give me some firewall rule? I would be very thankful if I could get one sample, or do you have links for my problem?

Thanks, my friend.
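
The approach from the replies above (static ARP entries, reply-only ARP on the LAN interface, and masquerading only the permitted addresses), written out as RouterOS commands for the 192.168.1.2 - 192.168.1.9 case. This is an added example, not posted by anyone in the thread; the interface names `ether1` (internet side) and `ether2` (LAN), the list name `allowed-lan` and the MAC addresses are assumptions, and the syntax should be checked against the installed RouterOS version.

```routeros
# Added example. Assumed: ether1 = internet side, ether2 = LAN with 192.168.1.1/24.
# The MAC addresses are constructed placeholders; use each PC's real address.

# 1. Static ARP entries first, one per permitted PC. Do this BEFORE step 2,
#    otherwise the PC you are configuring from loses access to the router.
/ip arp add address=192.168.1.2 mac-address=02:00:00:00:00:02 interface=ether2
/ip arp add address=192.168.1.3 mac-address=02:00:00:00:00:03 interface=ether2
/ip arp add address=192.168.1.4 mac-address=02:00:00:00:00:04 interface=ether2
/ip arp add address=192.168.1.5 mac-address=02:00:00:00:00:05 interface=ether2
/ip arp add address=192.168.1.6 mac-address=02:00:00:00:00:06 interface=ether2
/ip arp add address=192.168.1.7 mac-address=02:00:00:00:00:07 interface=ether2
/ip arp add address=192.168.1.8 mac-address=02:00:00:00:00:08 interface=ether2
/ip arp add address=192.168.1.9 mac-address=02:00:00:00:00:09 interface=ether2
# Check the table before continuing.
/ip arp print

# 2. Stop learning ARP dynamically on the LAN port. The router now talks only
#    to IP/MAC pairs listed above, so a PC that changes its IP gets no replies.
/interface ethernet set ether2 arp=reply-only

# 3. Address list covering exactly 192.168.1.2 - 192.168.1.9 in three prefixes:
#    .2/31 = .2-.3, .4/30 = .4-.7, .8/31 = .8-.9
/ip firewall address-list add list=allowed-lan address=192.168.1.2/31
/ip firewall address-list add list=allowed-lan address=192.168.1.4/30
/ip firewall address-list add list=allowed-lan address=192.168.1.8/31

# 4. Forwarding: accept the permitted sources, drop everything else from the LAN
#    (this covers 192.168.1.10 - 192.168.1.254 for all protocols).
/ip firewall filter add chain=forward in-interface=ether2 src-address-list=allowed-lan action=accept
/ip firewall filter add chain=forward in-interface=ether2 action=drop

# 5. NAT: masquerade only the permitted sources, so an address outside the
#    list has no working path to the internet even if a filter rule is removed.
/ip firewall nat add chain=srcnat out-interface=ether1 src-address-list=allowed-lan action=masquerade
```

The ARP binding ties each IP to a registered MAC address, so it holds only as long as the MAC addresses on the LAN are the registered ones.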