Community discussions

MikroTik App
 
fearthewopr
just joined
Topic Author
Posts: 4
Joined: Thu Feb 16, 2006 11:18 pm

Hotspot firewall help

Thu Feb 16, 2006 11:35 pm

We have a rb532 and the SR2 card. I currently have it setup with wlan1 bridged with ether1 to our corporate network. WPA-PSK is used. (192.168.1.0/24)

I have also setup an unsecured hotspot for when clients come for meetings on a virtualAP (wlan2) and have modified the html to autologin and redirect you to our main webpage. (10.50.5.0/24)

This is all working just fine.

The problem is that when logging into the hotspot, i am still able to access our 192.168.1.0/24 network and any device on it. This is not cool, since anyone could just hop right on our network. I dont want anyone that is on the hotspot network to be able to access 192.168.1.0/24, 192.168.2.0/24, or 192.168.5.0/24 (the three subnets in our company).

The other issue i can see being a problem is that our dns servers are on the 192.168.1.0/24 subnet.

I have been reading this forum/manual most of the day trying to figure it out.

Can anyone help me out?

Thanks!
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Fri Feb 17, 2006 9:17 am

to disallow communications between wireless cliens connected to AP, you may set 'default-forwarding=no' for wlanx interface.

you may set restriction rules in firewall between networks (that will drop traffic on IP level except from DNS server).
 
fearthewopr
just joined
Topic Author
Posts: 4
Joined: Thu Feb 16, 2006 11:18 pm

Fri Feb 17, 2006 5:16 pm

to disallow communications between wireless cliens connected to AP, you may set 'default-forwarding=no' for wlanx interface.

Great!
you may set restriction rules in firewall between networks (that will drop traffic on IP level except from DNS server).
Can you give me an example of this? I tried this, but it didn't work.

Thanks again!!

Who is online

Users browsing this forum: synchro and 38 guests