Community discussions

MikroTik App
 
User avatar
tzupan
newbie
Topic Author
Posts: 32
Joined: Wed Jan 18, 2012 7:57 pm
Location: Kisovec, Slovenia

2 AP and isolating each other and lan ports

Sun Aug 26, 2012 5:36 pm

Hi!

I have a little question. I have one RB751 and configured with two AP, one is my private and other one is public.

Privat network is: 10.0.0.1 for lan ports and for wifi clients
Publick network is: 192.168.17.1 for wifi clients only

Because i have a nas and i don't want to be accessible from public network i need help how to do this.

Soo i need to isolate this two networks from each other, but not only clients (default forward i think is not an option)

Thanks for help. Bye Tomaz
 
sadnub
just joined
Posts: 4
Joined: Sun Aug 26, 2012 9:08 pm

Re: 2 AP and isolating each other and lan ports

Sun Aug 26, 2012 9:29 pm

Tomaz,

You would need to put in place a firewall rule to not let the two IP ranges talk to each other.
 
User avatar
tzupan
newbie
Topic Author
Posts: 32
Joined: Wed Jan 18, 2012 7:57 pm
Location: Kisovec, Slovenia

Re: 2 AP and isolating each other and lan ports

Mon Aug 27, 2012 9:19 am

Yes, of course. I know that this must be done in firewall, but don't know how.

Can you give me a sample for my case?

Thanks
 
sadnub
just joined
Posts: 4
Joined: Sun Aug 26, 2012 9:08 pm

Re: 2 AP and isolating each other and lan ports

Thu Sep 20, 2012 4:37 pm

Tomaz,

Sorry it took so long!

I'm assuming you are using a /24 mask for those networks

/ip firewall filter
add action=drop chain=forward disabled=no dst-address=192.168.17.0/24 \
src-address=10.0.0.0/24
add action=drop chain=forward disabled=no dst-address=10.0.0.0/24 \
src-address=192.168.17.0/24

And its probably a good idea to put this in to stop people from logging into your mt from the public

/ip firewall filter
add action=drop chain=input disabled=no src-address=192.168.17.0/24

Josh
 
mobile4lte
newbie
Posts: 28
Joined: Mon Aug 06, 2012 10:10 am

Re: 2 AP and isolating each other and lan ports

Thu Sep 27, 2012 5:43 am

You can use the following method to control with PVLAN to terminal site visit: n configuration connected to the terminal site interface for isolation port, in order to prevent any second communication. For example, if the terminal site is the server, the server configuration stop between the second communication.

Who is online

Users browsing this forum: cdiedrich, m94646602 and 46 guests