Configuration...
Inet router (192.168.1.1) connected to...
mikrotik (192.168.1.2).... wifi hotspot
Local lan (192.168.1.10-155)
What we want... isolate wifi hotspot from local lan, that is, I want users of both wifi hotspot and lan to be able to access the internet but not see or access each other.
What is the best way? ... and the easiest way? (perhaps one rule in the firewall; what rule?)
Of course... this is for an NGO who wants to freely open their inet connection to their neighbours but they want to "secure" their lan...
can you explain the configurations more clearly
how can you use 192.168.1.1 as gateway (assuming it to be another router)
and only 1 ip as hotspot 192.168.1.2
and remaining as lan??
if you have connected an accesspoint to router with ip 192.168.1.2
192.168.1.1 is the gateway for all ips
and using rest as lan user
then use this
/ip firewall filter add action=drop chain=forward disabled=no dst-address=!192.168.1.1 src-address=192.168.1.2
this will block accesspoint users from accessing lan
if you block all traffic in range 192.168.1.0/24 then you will not be able to reach gateway also
Those rules are the wrong way round: they drop traffic that is NOT to 192.168.1.0/24 (!192.168.1.0/24).
You EITHER want to forward traffic not to 192.168.1.0/24 (which will be !192.168.1.0/24) or DROP traffic to that range, in which case the address should be 192.168.1.0/24 (without the !).
so remove the ! from the address and they will be right....
The only time that would be a problem is if you wanted the users to access the gateway web interface.
if you block all traffic in range 192.168.1.0/24 then you will not be able to reach gateway also
and have you tested the rule I have posted?
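
The negated versus plain dst-address match discussed in this thread, as an added example that is not part of any post here and is not RouterOS code: a small first-match model of the forward chain. The packet list, the 203.0.113.5 "internet" address, the default-accept policy, and the assumption that every packet reaches the forward chain with src-address 192.168.1.2 are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str  # "drop" or "accept"
    src: str     # address or network; a leading "!" negates the match
    dst: str     # same syntax, as in dst-address=!192.168.1.0/24


def matches(spec: str, addr: str) -> bool:
    """True when addr satisfies spec, honouring a leading '!' negation."""
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    inside = ipaddress.ip_address(addr) in net
    return inside != negate


def verdict(rules: list[Rule], src: str, dst: str) -> str:
    """First matching rule decides; unmatched packets are accepted (assumed policy)."""
    for rule in rules:
        if matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action
    return "accept"


AP = "192.168.1.2"  # hotspot address from the thread
# Constructed destinations: a LAN host, the gateway, and a documentation-range host.
DESTINATIONS = {
    "lan_host": "192.168.1.10",
    "gateway": "192.168.1.1",
    "internet": "203.0.113.5",
}

NEGATED = [Rule("drop", AP, "!192.168.1.0/24")]  # the "wrong way round" form
PLAIN = [Rule("drop", AP, "192.168.1.0/24")]     # form with the "!" removed


def evaluate(rules: list[Rule]) -> dict[str, str]:
    """Verdict for each constructed destination when sent from the hotspot address."""
    return {name: verdict(rules, AP, dst) for name, dst in DESTINATIONS.items()}


if __name__ == "__main__":
    for label, rules in (("negated", NEGATED), ("plain", PLAIN)):
        print(label, evaluate(rules))
```

With the "!" the drop rule lets LAN traffic through and cuts off the internet; without it the LAN is isolated and only the gateway's own address (for example its web interface) becomes unreachable.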