gtwnrob
just joined
Topic Author
Posts: 10
Joined: Sun Sep 30, 2012 5:13 am

Blocking internal traffic between 2 DHCP networks

Wed Sep 10, 2014 11:07 pm

I've spent several hours searching and reading through these forums, and others I've found online, but can't find what I'm looking for. I've tried several examples on my own as well and it didn't work.

I have 3 VirtualAPs set up on my router. 1 is a hotspot, the other two are wireless networks for two different companies in the same building.

I was successfully able to set up the hotspot with no problem. Using firewall rules, I was able to block traffic to the other two APs.

My other two VirtualAPs are:

GTS - 192.168.2.1
WP - 192.168.3.1

They both have their own DHCP servers as well. They can get online and everything as far as internet access is ok.

I'm trying to keep GTS from communicating with WP. I added a drop rule in the firewall and it didn't work.

For example, for GTS in the firewall I did:

Forward

Source as 192.168.2.0/24
Destination as 192.168.3.0/24

and chose to drop.

For whatever reason, it's not dropping. When I'm on GTS I can ping anything on WPs network.

Any clue as to why the firewall rule isn't working? I'm overlooking something...

Thanks for any help/feedback. I really appreciate it.
 
NAB
Trainer
Posts: 503
Joined: Tue Feb 10, 2009 4:08 pm
Location: UK

Re: Blocking internal traffic between 2 DHCP networks

Thu Sep 11, 2014 7:13 am

If the firewall rule isn't working, the chances are it's because either you specified the rule incorrectly or the traffic is not being routed through the RB. Please can you post output of the following commands:

/ip address print
/ip route print
/ip dhcp-server print
/ip dhcp-server network print

Nicholas Barnes BSc(hons)
Certified Mikrotik Consultant
Certified Mikrotik Trainer

Vitell - Asterisk, Linux and network consultants
Unofficial IRC channel: #routerboard on irc.z.je
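
The two causes named in the reply above (a rule specified incorrectly, or traffic that is not routed through the router) can be checked offline from the requested output; this is an added example, not code from the thread or from MikroTik. It also covers the related case of traffic aimed at the router's own address, which is handled by the input chain rather than forward. The interface names and the rule list are constructed assumptions; only the 192.168.2.1 and 192.168.3.1 addresses and the drop rule come from the thread.

```python
import ipaddress

# Constructed data: addresses are from the thread, interface names are hypothetical.
ADDRESSES = {"gts-ap": "192.168.2.1/24", "wp-ap": "192.168.3.1/24"}
# Constructed forward chain, evaluated top to bottom; the first matching rule wins.
FORWARD_RULES = [
    {"src": "192.168.0.0/16", "dst": "0.0.0.0/0", "action": "accept"},
    {"src": "192.168.2.0/24", "dst": "192.168.3.0/24", "action": "drop"},
]

def connected_interface(ip, addresses):
    """Return the router interface whose connected subnet contains ip, or None."""
    host = ipaddress.ip_address(ip)
    for name, cidr in addresses.items():
        if host in ipaddress.ip_interface(cidr).network:
            return name
    return None

def first_match(src, dst, rules):
    """Return (action, index) of the first rule matching src and dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(rules):
        if s in ipaddress.ip_network(rule["src"]) and d in ipaddress.ip_network(rule["dst"]):
            return rule["action"], i
    return "accept", None  # nothing matched: the packet is accepted

def diagnose(src, dst, addresses, rules):
    """Return (path, action, rule_index) for a packet from src to dst."""
    target = ipaddress.ip_address(dst)
    if any(ipaddress.ip_interface(c).ip == target for c in addresses.values()):
        return ("input", None, None)  # addressed to the router: forward rules never apply
    src_if = connected_interface(src, addresses)
    dst_if = connected_interface(dst, addresses)
    if src_if is None or dst_if is None:
        return ("not-connected", None, None)
    if src_if == dst_if:
        return ("not-routed", None, None)  # same subnet: hosts talk directly
    action, index = first_match(src, dst, rules)
    return ("forward", action, index)

if __name__ == "__main__":
    # The drop rule exists but is shadowed by the broader accept above it.
    print(diagnose("192.168.2.50", "192.168.3.20", ADDRESSES, FORWARD_RULES))
    # With the drop rule first, the same packet is dropped.
    print(diagnose("192.168.2.50", "192.168.3.20", ADDRESSES, FORWARD_RULES[::-1]))
```
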
 
Clauu
Member Candidate
Posts: 205
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: Blocking internal traffic between 2 DHCP networks

Thu Sep 11, 2014 9:08 am

I have a similar issue with 2 subnets 192.168.50.0/24 and 192.168.10.0/24, the fw rule isn't dropping anything from source .50 to dest .10
Having fun with RB850Gx2, RB2011UiAS-2HnD, RB260GSP, RB751U-2HnD, CRS112, RB3011UiAS, hAP ac, cAP ac and hAP ac². More others on the way :-)
 
Ambul
just joined
Posts: 7
Joined: Sat Sep 27, 2014 7:56 pm

Re: Blocking internal traffic between 2 DHCP networks

Mon Sep 29, 2014 5:25 am

I am also having this issue. The firewall rules are being ignored.

I have the rb2011 Mikrotik.

ether1 = WAN = 10.0.0.99/24
ether2 = LAN/WLAN1 = 10.0.10.0/24
WLAN2 = virtual AP = 10.0.5.0/24

dhcp1 = bridge-local
dhcp2 = wlan2

hotspot1 Interface = wlan2

I don't want the hotspot clients to access the 10.0.10.1 login page of the router, and I don't want the hotspot clients to access any of the 10.0.10.1 LAN/WLAN1.

I only want hotspot clients to reach the internet, not the internal LAN. And hotspot clients should not be able to see other hotspot clients' devices.

What should I look at in my settings?
