 
myselfandme

DMZ zone in a bridge

Fri Apr 15, 2022 7:08 pm

CRS354-48G-4S+2Q+RM

I have mostly static public IPs and have all ports in a bridge for simplicity, since I have the same network on both the WAN and LAN side.

Is there any way to isolate a few physical ports (call them "guest-ports/machines") from connecting/listening to any other port than the WAN port? I get so much traffic sent to all ports for these few guest computers (broadcasting DHCP, Dropbox, discovery etc.) and I want to reduce a few ports to only do TCP traffic (port x to WAN) on, for example, 80/443 and not to get/send DHCP, discovery and other "messy" broadcasts to all ports locally and otherwise.

I also have a private fiber connection between two data centers and it is sending a bunch of Dropbox traffic and all kinds of non-needed stuff. I just want, for instance, 443 traffic to go through. The only way left to try is to put a pure firewall in front, but I hoped there were some options on port level I could just disable/enable... I know that if I enable the fw on the router/switch, I would deactivate hw accel mode, so I haven't gone there (yet).

I have tried setting horizon values on two physical guest ports to 50 on the same bridge. They were still able to communicate. It would be OK if hardware offload was disabled for these two hosts, but it works as usual, it seems.
Or when all servers are directly connected to the MikroTik router, you can use a bridge without hardware offload to do the same thing.
In MikroTik, this is done by setting the "horizon" value of the ports where the servers are connected all to the same value.
Tried this.
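
The split-horizon rule quoted in the post above, as an added example that is not part of the original post: a small Python model of which ports a bridge may forward a frame to, used to check whether a given horizon layout leaves guest ports able to reach anything other than the uplink. The port names and both layouts are constructed for illustration, and the model covers software bridging only (it does not model switch-chip hardware offload).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Port:
    name: str
    horizon: Optional[int] = None  # None means no horizon value is set


def may_forward(ingress: Port, egress: Port) -> bool:
    """Split horizon: never forward between two ports sharing a horizon value."""
    if ingress.name == egress.name:
        return False  # a bridge never sends a frame back out its ingress port
    if ingress.horizon is not None and ingress.horizon == egress.horizon:
        return False
    return True


def flood_targets(ports: List[Port], ingress_name: str) -> List[str]:
    """Ports that receive a broadcast (DHCP, discovery) entering on ingress_name."""
    ingress = next(p for p in ports if p.name == ingress_name)
    return sorted(p.name for p in ports if may_forward(ingress, p))


def isolation_gaps(ports: List[Port], guests: List[str],
                   uplink: str) -> List[Tuple[str, str]]:
    """(guest, port) pairs where a guest can still reach a non-uplink port."""
    by_name = {p.name: p for p in ports}
    return [(g, p.name) for g in guests for p in ports
            if p.name != uplink and may_forward(by_name[g], p)]


# Constructed layout 1: only the two guest ports carry horizon=50.
GUESTS_ONLY = [Port("wan"), Port("guest1", 50), Port("guest2", 50),
               Port("server1"), Port("server2")]

# Constructed layout 2: every port except the uplink carries horizon=50.
# Side effect: server1 and server2 can no longer bridge to each other either.
ALL_BUT_UPLINK = [Port("wan"), Port("guest1", 50), Port("guest2", 50),
                  Port("server1", 50), Port("server2", 50)]

if __name__ == "__main__":
    for label, layout in (("guests only", GUESTS_ONLY),
                          ("all but uplink", ALL_BUT_UPLINK)):
        print(label, "-> guest1 broadcast reaches", flood_targets(layout, "guest1"))
        print(label, "-> gaps", isolation_gaps(layout, ["guest1", "guest2"], "wan"))
```

In the first layout the guest ports are hidden from each other but their broadcasts still reach every port without a horizon value; only the second layout confines them to the uplink.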
