T1000
just joined
Topic Author
Posts: 4
Joined: Mon Mar 14, 2022 6:03 pm

Mikrotik behind ISP Router Isolation

Mon Mar 20, 2023 3:17 pm

Hey guys, I have a simple question.

I have a home internet connection with a standard ISP router which provides internet and WiFi to my home.

I want to connect a Mikrotik router to one of its LAN ports, receive an IP via DHCP client from the ISP router on Ether1, and have internet on the other ports on the Mikrotik.

The problem is that I don't want devices connected to the Mikrotik network to see devices connected to the ISP router's network, and vice versa.

How can this be done?

PS: I don't have access to the ISP router's configuration page.
 
iznenad
just joined
Posts: 1
Joined: Tue Mar 21, 2023 2:28 pm

Re: Mikrotik behind ISP Router Isolation

Tue Mar 21, 2023 6:13 pm

You don't need access to the ISP router. One of the easiest ways to do what you need on the MikroTik:

1. Create an address list for the addresses on the ISP router's LAN side that you want to block:
/ip firewall address-list
add address=192.168.0.10 list=block_upper
add address=192.168.0.20 list=block_upper
add address=192.168.0.30 list=block_upper
...

2. Don't enter the gateway in this list (192.168.0.1).

3. Then create a firewall rule:
/ip firewall filter
add action=drop chain=forward dst-address-list=block_upper src-address=192.168.1.0/24

4. Move this rule to the first place in the firewall.

Conclusion:
Every packet sent from the LAN side of the MikroTik (from address list block_upper) will be dropped if the packet goes elsewhere
than to the gateway. There is no need for blocking on the opposite side (NAT). In my example, the ISP LAN side is 192.168.0.0/24 and
the MikroTik LAN side is 192.168.1.0/24. There is a shortcut for the first step, but if you, for some reason, want to allow connections
to some device, it will be very easy to do that.
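
Added example, not part of the reply above: a small Python model of the single forward-chain drop rule from step 3, used to check which ISP-LAN addresses a given block_upper list leaves reachable from the MikroTik LAN. The subnet-wide list built by subnet_minus_gateway() is an assumed alternative (the reply does not spell out its shortcut), and the sample flows to 192.168.0.40 and 203.0.113.7 are constructed.

```python
import ipaddress as ip

ISP_LAN = ip.ip_network("192.168.0.0/24")  # ISP LAN side, from the post
MT_LAN = ip.ip_network("192.168.1.0/24")   # MikroTik LAN side, from the post
GATEWAY = ip.ip_address("192.168.0.1")     # ISP router, kept out of the list

# Per-host list as written in the post.
PER_HOST = ["192.168.0.10", "192.168.0.20", "192.168.0.30"]

def subnet_minus_gateway():
    """Assumed alternative: CIDR entries covering the ISP LAN except the gateway."""
    gw_net = ip.ip_network(f"{GATEWAY}/32")
    return sorted(str(n) for n in ISP_LAN.address_exclude(gw_net))

def forward_verdict(src, dst, block_list):
    """Model only the post's rule: drop if src is in the MikroTik LAN
    and dst matches the address list; everything else falls through."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    listed = any(dst in ip.ip_network(e) for e in block_list)
    return "drop" if src in MT_LAN and listed else "accept"

def uncovered_hosts(block_list):
    """ISP-LAN hosts (gateway excluded) that the list does not match."""
    nets = [ip.ip_network(e) for e in block_list]
    return [h for h in ISP_LAN.hosts()
            if h != GATEWAY and not any(h in n for n in nets)]

if __name__ == "__main__":
    # Constructed sample flows from one MikroTik LAN client.
    flows = [("192.168.1.50", d) for d in
             ("192.168.0.10", "192.168.0.40", "192.168.0.1", "203.0.113.7")]
    for name, lst in (("per-host", PER_HOST), ("subnet", subnet_minus_gateway())):
        print(name, "uncovered hosts:", len(uncovered_hosts(lst)))
        for src, dst in flows:
            print(f"  {src} -> {dst}: {forward_verdict(src, dst, lst)}")
```

With the per-host list, any ISP-LAN device that is not listed (for example one that joins later and gets a new DHCP lease) is still reachable; each CIDR string returned by subnet_minus_gateway() can be entered as one block_upper address-list entry.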