Recently I switched from the router provided by my ISP to a Mikrotik routerboard and I'm very happy with it.
However, I would like to make some changes to my home network, but I'm facing a few issues.
I have two subnets:
192.178.10.0/24 (my studio, including a Pi-hole server, a NAS and a network-attached printer) and 192.178.50.0/24 (dedicated to IoT appliances, smart TV and so on, and including a Wi-Fi mesh).
I set up the Pi-hole address as the primary DNS server in the IP section, and it looks like everything is working fine so far.
However, I'd like to isolate the two subnets so that Wi-Fi-connected devices on subnet 192.178.50.0 can't access the studio subnet. I can do that pretty easily via the firewall, but then... devices on 192.178.50.0 can't reach the Pi-hole server on 192.178.10.0. I added the exception for the Pi-hole server (192.178.10.94), but it's not working. Maybe it is in the wrong place?
Here is the set of forward rules:
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=drop chain=forward disabled=yes dst-address=!192.178.10.89 \
src-address=192.178.50.0/24
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
Finally, I've tried to set destination NAT rules to force any device to use the Pi-hole (so that, hopefully, the YouTube app on mobile phones or the smart TV is not displaying advertising), but this is causing everything not to work on subnet 192.178.50.0/24. I used the rules following this short tutorial: https://www.youtube.com/watch?v=EdzDCkFaskc.
I'm now studying the documentation and some network management, but any help or hint would be very much appreciated.
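The following is an added RouterOS example, not the poster's configuration, showing one way to do both things asked for above: allow the IoT subnet to reach only the Pi-hole's DNS port while blocking the rest of the studio subnet, and redirect stray DNS queries from IoT clients to the Pi-hole. It assumes the Pi-hole is 192.178.10.94 (as stated in the post), that the default "established,related" and "drop invalid" forward rules stay at the top of the chain, and that the accept rule is placed before the drop rule (rule order is what decides the outcome in RouterOS).

```routeros
# Added example, not the poster's rule set. Assumed: Pi-hole at 192.178.10.94,
# studio LAN 192.178.10.0/24, IoT LAN 192.178.50.0/24.
/ip firewall address-list
add list=studio address=192.178.10.0/24 comment="studio LAN"
add list=iot address=192.178.50.0/24 comment="IoT LAN"

# --- Forward chain: these rules go AFTER the defconf "accept established,
# related, untracked" and "drop invalid" rules and BEFORE any broad drop. ---
/ip firewall filter
# 1. Accept only DNS (UDP and TCP 53) from IoT to the Pi-hole. Because it is
#    matched first, a later drop cannot shadow it.
add chain=forward action=accept src-address-list=iot dst-address=192.178.10.94 \
    protocol=udp dst-port=53 comment="iot -> pihole DNS (udp)"
add chain=forward action=accept src-address-list=iot dst-address=192.178.10.94 \
    protocol=tcp dst-port=53 comment="iot -> pihole DNS (tcp)"
# 2. Drop everything else from IoT into the studio subnet. Matching on the
#    studio address list (rather than dst-address=!pihole) leaves IoT's
#    internet traffic untouched, which a negated single address would block.
add chain=forward action=drop src-address-list=iot dst-address-list=studio \
    log=yes log-prefix="iot->studio " comment="iot -> studio blocked"
# Studio-initiated connections to IoT devices still work: their replies are
# accepted by the established,related rule at the top of the chain.

# --- NAT: redirect DNS that IoT clients send anywhere else to the Pi-hole. ---
# dstnat runs before the forward filter, so redirected packets then match rule 1.
# Limiting the source to the IoT list keeps the Pi-hole's own upstream queries
# (which originate in the studio subnet) from being looped back to itself.
/ip firewall nat
add chain=dstnat action=dst-nat to-addresses=192.178.10.94 to-ports=53 \
    src-address-list=iot dst-address=!192.178.10.94 protocol=udp dst-port=53 \
    comment="force IoT DNS (udp) to pihole"
add chain=dstnat action=dst-nat to-addresses=192.178.10.94 to-ports=53 \
    src-address-list=iot dst-address=!192.178.10.94 protocol=tcp dst-port=53 \
    comment="force IoT DNS (tcp) to pihole"

# --- Checks: confirm ordering and watch the counters move while testing. ---
/ip firewall filter print where chain=forward
/ip firewall filter print stats where comment~"iot"
/ip firewall nat print stats where chain=dstnat
```

If a redirected query still fails, the forward chain (not NAT) is usually the culprit: the packet counters in the `print stats` output show which rule is actually matching it.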