I
I
IML2020-03-05 20:44:25
Mikrotik
IML, 2020-03-05 20:44:25

Mikrotik: how to separate access separately to Runet and separately to the rest of the world?

Good afternoon. I started studying Mikrotik, just started, do not judge strictly.
Essence of the question: you need to configure two gateways: the first one for access exclusively to the Runet, the second - for all other domain zones. How to do it?
PS An exact and detailed description is not needed, it will be enough to describe the principle of the solution itself, I will be very grateful, I will dig deeper on my own (at the moment, based on the minimum knowledge I have, I plan to distinguish between the domain zone in the rules, I didn’t think of anything else. At the same time, the question is immediately: what if the site is in the .com domain, for example? And in general is this task real? )
Thank you very much

Answer the question

In order to leave comments, you need to log in

5 answer(s)
C
CityCat4, 2020-03-06
@CityCat4

And in general is this task real?

Ok google
What is BGP
What router do I need for BGP fullview

W
Wexter, 2020-03-05
@Wexter

Essence of the question: you need to configure two gateways: the first one for access exclusively to the Runet, the second - for all other domain zones. How to do it?

Ahahaha. Good luck cho
To do this, you need to resolve all (!) existing domains in the .ru zone, for hosts from this zone add routes through gateway 1, for the rest through gateway 2. Update at will from every second to once a day, as much as your router allows you

D
Dmitry Alexandrov, 2020-03-05
@jamakasi666

The task is real, but you will have to look not by domains, but by ip addresses. See the networks\subnets allocated for Russia, assign them in Mikrotik to the desired gateway. All this is in the public domain, and yes, the table will be quite large.

K
Keffer, 2020-03-06
@Keffer

The author decided to reinvent the wheel. The first thing that came to mind.
Although, something else tells me that he is one of those who are sitting there "upstairs", in the Roscompa ... well, you got it. And they learn to cut "sovereign Internet". Their knowledge is not enough, we decided to file this nonsense with our own hands and isolate the Russian segment of the network from the rest of the world. (Spoiler: So, nothing will work for you)

O
Onyxsis, 2020-03-06
@Onyxsis

Well, firstly, you need to learn the mat part and know at least that the memory of any router is limited, secondly, there is vpn, and you can’t do anything about it, you won’t be able to enter all vpn host addresses, because they are 1000 every second in the world pieces appear, thirdly, to block a certain network segment, an enterprise needs not a router, but a firewall, where you can just limit which resources from which subnet access is possible, and from which not, as well as blocking applications that can be launched , and which ones are prohibited, but for this it is necessary to twist the female rules of the centralized domain, because if it is not there, then the meaning is lost. Cisco has excellent software for this. Without any hemorrhoids. But then again, if you want, you can bypass everything.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question