Good evening,
Got my WAN failover to work and created 3 different bridges, LAN1 (Guest LAN), LAN2 (VoIP LAN), LAN3 (Work LAN); creating bridges seems to be preferred rather than assigning it to the interface, if I remember it correctly ...
Now I want to protect LAN1 from LAN2, but upon creating a firewall rule like so, "chain forward src address 192.168.200.0/23 dest address 192.168.0.0/24 action drop". The DNS server has IP 192.168.0.1, same as the router, but here comes the strange thing, and I am sure I am doing something wrong ...
Computers in network 192.168.0.0/24 are having issues talking to the printer on the very same network, and 192.168.200.x can still ping 192.168.0.x without any problem as well, so it seems strange.
I'm thinking it might have something to do with where in IP -> Firewall the rule is located? Or should the rule be "chain forward, in interface bridge lan1 out interface bridge lan2 action drop"?
* What is the proper way to block traffic from 192.168.200.0/24 to 192.168.0.0/24 (is it advisable to use connection states in the rule, or is it really just a matter of preference) and vice versa, and not cause issues in network 192.168.0.x nor issues with the DNS server on 192.168.0.1 ...
* If I create VLANs, will it be the same mess protecting each network as with bridges, or is there an auto-isolation feature available?
Now it comes to mind: what if I create trunks on the router and access ports on the switch for using VLANs, and in the future the router gets damaged and we have no backup router and I choose to connect to the ISP router; will I need to reset the switches or will it work anyway? We recently purchased managed TP-Link switches; another MikroTik is not a priority for them to purchase, and power outages are common and will damage it sooner or later, so I need to be prepared in my mind for the worst-case scenario.
Thank you all for your input and experience in this matter. I am a newbie in this field but feel the need to merge to VLAN ...
cheers