Community discussions

MUM Europe 2020
 
psycoclan1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Aug 11, 2008 4:30 pm
Location: England

Firewall Drop

Sun Mar 01, 2015 4:53 pm

Hello friends,

My network is 1 PC as router (DHCP Server etc), 1 DSL modem (gateway), and another wifi AP.

I want to block one MAC address from accessing the internet and the network generally.

So i added a firewall rule :

General : Chain : Forward
Advanced : Src MAC address : The address of the desired device

And Action : Drop


But the device is still connected to the network and no problems at all with the internet.

What am i doing wrong and how can i fix it?

Thanks in advance :)
 
User avatar
Liodakis
Trainer
Trainer
Posts: 13
Joined: Tue Oct 14, 2014 9:36 am
Location: Greece

Re: Firewall Drop

Sun Mar 01, 2015 6:07 pm


My network is 1 PC as router (DHCP Server etc), 1 DSL modem (gateway), and another wifi AP.
1) Where is the MikroTik?
2) The MAC Address you want to block is connected wired or Wireless (If Wireless, what AP you use?)?
El.Liodakis
MTCNA - MTCWE - MTCRE - MTCTCE - MTCUME
 
psycoclan1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Aug 11, 2008 4:30 pm
Location: England

Re: Firewall Drop

Sun Mar 01, 2015 7:51 pm

MT (192.168.1.3) is connected through lan cable into the one port of DSL (192.168.1.1) modem. The wifi AP (192.168.1.2) is connected to the DSL modem as well through Lan cable.

The user is connected to the AP wirelessly.

MT is the only DHCP server of the network and most of the devices are connected to the network through the AP wirelessly.

I can see all the mac addresses but it seems i cant block/handle them
 
User avatar
Liodakis
Trainer
Trainer
Posts: 13
Joined: Tue Oct 14, 2014 9:36 am
Location: Greece

Re: Firewall Drop

Mon Mar 02, 2015 12:00 am

It's normal the firewall rules not working on your Network.

Your MikroTik ACT only as a DHCP Server, not as a Router/Firewall.

I suggest to use MikroTik as Router (MikroTik PPPoE -> aDSL Modem/Router in Bridge Mode) in order to use MikroTik Firewall features.
El.Liodakis
MTCNA - MTCWE - MTCRE - MTCTCE - MTCUME
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Firewall Drop

Mon Mar 02, 2015 9:46 am

What you could do (although it is not a real solution) is put a bogus IP address as reservation for the deisred MAC address.
If the device then request an IP from the DHCP server it will get a unusable IP address and will not be able to browse the internet. (e.g. assign 192.168.100.254 for the device).
The side note I have to make is that if the user of the device is smart enough, he can put his IP settings manually and the completely bypass the DHCP.
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
psycoclan1
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Aug 11, 2008 4:30 pm
Location: England

Re: Firewall Drop

Mon Mar 02, 2015 7:08 pm

Thats what i thought from the first time but yes if he set his devices ip manually then he can have access. So im looking for a "proper" and permanent solution.

Liodakis thank you for your reply. My mikrotik PC has 1 LAN port (the built-in one) at the moment so im not quite sure how i can run mikrotik as PPPoE ADSL modem router. If im not mistaking you advise me to set the LAN port of mikrotik as WAN and then do the rest from a second LAN port (NAT, local routing etc). So i might be in need to find-buy a 2nd LAN card. Correct?

Who is online

Users browsing this forum: komdee and 47 guests