Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Pontius712021-11-19 12:12:33
Mikrotik
Pontius71, 2021-11-19 12:12:33

How to deny access to the local network, but not the global one?

We have a mikrotik router, where eth1=WAN, the rest are connected to the bridge - LAN (192.168.60.1), a dhcp server is raised on the bridge, it distributes at 192.168.60.0/24
We have a keenetic router. Wan port is included in one of the LAN interfaces of the Mikrotik bridge. The kinetics WAN interface receives the address 192.168.60.13 via dhcp. On the lan ports of the kinetics, a dhcp server is raised, stripped to 192.168.1.0/24.

How can I restrict access from devices on the 192.168.1.0/24 subnet to the 192.168.60.0/24 subnet, but let them access the Internet?
tracert shows the route to 192.168.1.1=- 192.168.60.1=- and so on.

Figuratively speaking, I want to achieve a guest network with the Internet, but without access to the local network.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
T
Talyan, 2021-11-19
@flapflapjack

one firewall rule - FORWARD ACCEPT from the address 192.168.60.13/24 to the WAN out-interface,
below it the FORWARD ACCEPT rule from the address 192.168.60.13/24 to the address 192.168.60.1/24
and even lower the FORWARD REJECT rule from the address 192.168.60.13 /24 to 192.168.60.0/24
Seems like enough.

Report
D
Dmitry Zhura, 2021-11-19
@dima777u

one firewall rule - FORWARD ACCEPT from the address 192.168.60.13/24 to the WAN out-interface,
below it the FORWARD ACCEPT rule from the address 192.168.60.13/24 to the address 192.168.60.1/24
and even lower the FORWARD REJECT rule from the address 192.168.60.13 /24 at 192.168.60.0/24

Report
A
Andrey Barbolin, 2021-11-19
@dronmaxman

You can try several options.
1) To score on the kinetics on the WAN interface, assign a static address 192.168.60.2/30, such a mask will not allow the kinetics to forward packets bypassing the Mikrotik, and already on the Mikrotik to resolve access to the firewall.
2) Pull out one port from the bridge on the micro, assign a separate IP addressing, and connect the kineticist there.

Similar questions
S
Sergey2020-08-01 12:52:52
How to run 1 GigE on Mikrotik HAP AC²? 2Reply
E
Eugene2018-08-26 13:37:15
Is there a problem with setting up mikrotik or with the provider? 4Reply
R
Rick2016-04-03 21:46:41
Advice, networking, which Mikrotik router to choose? 4Reply
M
MadRat2014-01-23 08:30:05
How to calculate load on mikrotik for 50+ users? 4Reply
J
JC142018-09-04 06:58:44
Why does L2TP-Client+IPSec on MikroTik hEX RB750Gr3 work differently depending on the type of Internet connection? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question