Mikrotik Router: how to restrict a computer from one subnet to access a computer on another subnet?

I

Igor2014-08-05 22:58:10

Mikrotik

Igor, 2014-08-05 22:58:10

Situation: computer 192.168.4.12 (from subnet 192.168.4.0\24 ) needs to restrict access so that it has access only to the Internet and host 192.168.130.63 (from subnet 192.168.130.0\24 ). Incl. 192.168.4.12 should not have access to 192.168.4.0\24 and 192.168.130.0\
24 on the Ether4 interface there is a network 192.168.4.0\24, then a rule like

ip firewall filter chain=output src.address=192.168.4.12 dst.address=192.168.4.0/24 action=drop

It just won't work
. As I understand it, you need to create some kind of VLAN. But how to do it correctly - I do not understand.
RouterOS 6.x

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

I

Igor, 2014-10-07
@shanker

The solution turned out to be the option described by @Seven88 in a comment:

If a machine with the address 192.168.4.12 does not need to have access to the .4.0/24 subnet, then why not use a different subnet on this machine, and rule it out on Mikrotik?

D

Dexsoonaris, 2014-08-18
@Dexsoonaris

Good afternoon
The router cannot process requests from 192.168.4.12 in the network 192.168.4.0 since traffic will not reach it).
Accordingly, as an option to make the connection of this client through a tunnel (PPPoE, etc.).

C

cmnx, 2014-08-27
@cmnx

Hello. You can set up address isolation using Route Rules (IP-Routes-Rules).
Allow only the necessary addresses, the rest - in unreachable.