Page 1 of 1

block ip address out from router

Posted: Sat Feb 25, 2006 9:05 am
by ketut
i want ask a question, i have 10 PC,the Ip from -, ip router netmask
the question: how to block ip - it cannot conenct to internet and all protocol, i use mikrotik 2.9.2, so everyone cannot change the ip
i use simple queue for -, this ip have bandwidth limiting

thank you very much, i am sorry for the english

Posted: Sat Feb 25, 2006 11:01 am
by Alex
firewall,arp table.for example: set arp to reply only on interface with address static entries from to arp table.all others addresses will not work.sorry for my english :?

Posted: Mon Feb 27, 2006 8:52 am
by macgaiver
You can simple masquerade only packets from those 10 IPs :)

But I suggest Alex solution use ARP static entries and interface mode to read-only

Posted: Tue Feb 28, 2006 9:36 am
by ketut
thank you very much for the answer, the answer correct, and i use your suggestion, thank you

now i have one question again
my network, i subnet /29
my router netmask

client 1 get ip: ( -
client 2 get ip: (

client 1 have bandwidth 32kbps
client 2 have bandwidth 64kbps

my question, i want each client not use all ip (exp: client 1 can use but cannot use)
client 2 same like that

i use that because i am afraid client 2 can use ip from client 1, so i use that rule

can mikrotik 2.9.2 use that??? if can my i get the rule or links for my i can learn that

thank you very much for the suggestion and rule, i am sorry for my english

Posted: Tue Feb 28, 2006 10:25 am
by macgaiver
If you made correct IP ARP table it is impossible for clints to jump from 1 Ip to another - so there are no problems

Why you use subnetting, use one subnet /28 and create 1 simple queue for each client!

Posted: Tue Feb 28, 2006 11:50 am
by mag
just an idea: would it not be better to use DHCP with static MAC-entries, for doing the management completely on the router.

Posted: Tue Feb 28, 2006 2:22 pm
by ketut
thanks for the suggestion
could you give me soe firewall rule??? i am very thank you if i can get one sample, or do you have links for my problem?

thanks my friend