Mikrotik
Sekii, 2020-11-16 16:02:50

How to give some IPs in the network access only to the Internet?

Good afternoon.
There are PCs connected to one switch (unmanaged), which is connected to the gateway, a MikroTik.
All PCs work via the MikroTik's DHCP. Some PCs need to be let out to the Internet only, i.e. without access to internal resources.
I understand that you need to make two logical subnets and deny access from one to the other in rogue-rules, right?
I can't figure out how to make a second DHCP on one interface only for the necessary IPs. And do you need to somehow register a masquerade for these IPs?

Can you please tell me how to implement this?
Thank you.


3 answer(s)
Andrey Barbolin, 2020-11-16
@dronmaxman

If all devices are connected to an unmanaged switch, then you cannot deny access to internal resources.
Options:
- Managed switch (VLAN or ACL support)
- Connect a restricted PC directly to Mikrotik

CityCat4, 2020-11-17
@CityCat4

It can't be done. A packet to the local network will not get to the MikroTik; it will be forwarded directly by the switch. The easiest way to do this is to move the desired device(s) over to the MikroTik, or, if there are a lot of them, to add another switch on which to collect them all, and then it is just a matter of firewall rules.

AntHTML, 2020-11-17
@anthtml

In principle, it is possible to resolve two subnets.
Let's say 192.168.0.0/24 for the LAN and 192.168.100.0/24 for Internet only.
But in this case the computers in the second subnet will be able to see each other, and if the user changes the IP address, he will be able to see everyone.
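
The three answers all turn on which packets ever reach the MikroTik, so the model below (an added example, not part of the thread) traces each case on the shared unmanaged switch. Only the two subnets come from the last answer; the host addresses, the single drop rule and the function names are assumptions made for illustration.

```python
import ipaddress as ip

LAN = ip.ip_network("192.168.0.0/24")          # from the answer: normal LAN
INET_ONLY = ip.ip_network("192.168.100.0/24")  # from the answer: Internet only

# Assumed router policy: drop INET_ONLY -> LAN in the forward chain, accept the rest.
DROP_RULES = [(INET_ONLY, LAN)]

def path(src_iface: str, dst: str) -> str:
    """'switch' if dst is on-link for the sender (it ARPs and delivers directly,
    so the router never sees the frame), otherwise 'router' (default gateway)."""
    iface = ip.ip_interface(src_iface)
    return "switch" if ip.ip_address(dst) in iface.network else "router"

def verdict(src_iface: str, dst: str) -> str:
    """Outcome of one packet sent by a host with address/mask src_iface."""
    if path(src_iface, dst) == "switch":
        return "delivered-unfiltered"      # no firewall is in this path
    src, d = ip.ip_interface(src_iface).ip, ip.ip_address(dst)
    for s_net, d_net in DROP_RULES:
        if src in s_net and d in d_net:
            return "dropped-by-router"
    return "forwarded-by-router"

# Constructed scenarios: (label, sender address/mask, destination)
SCENARIOS = [
    ("one subnet, restricted PC -> LAN server", "192.168.0.50/24", "192.168.0.10"),
    ("two subnets, restricted PC -> LAN server", "192.168.100.20/24", "192.168.0.10"),
    ("two subnets, restricted PC -> Internet", "192.168.100.20/24", "203.0.113.5"),
    ("two subnets, restricted PC -> restricted PC", "192.168.100.20/24", "192.168.100.21"),
    ("user re-addresses PC into LAN subnet", "192.168.0.77/24", "192.168.0.10"),
]

def run() -> dict:
    """Map each scenario label to its verdict."""
    return {label: verdict(src, dst) for label, src, dst in SCENARIOS}

if __name__ == "__main__":
    for label, result in run().items():
        print(f"{label:45} {result}")
```

Only the second and third rows pass through the router's firewall; the others stay on the switch, which is why the first two answers recommend a managed switch or a separate physical port on the MikroTik.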
