Community discussions

MikroTik App
  4. RouterOS
  5. General

How to block client to client traffic?

Post Reply
 
User avatar
infomate
Member Candidate
Member Candidate
Topic Author
Posts: 114
Joined: Sat May 21, 2005 2:30 pm
Location: Dumaguete City, Philippines

How to block client to client traffic?

Fri May 27, 2005 6:50 am

Hi giys!

I hope someone can help me. I have MT Hotspot up and running with the log-on screen aprearing everytime a client logs in.

My question is about blocking peer-to-peer traffic. I dont want hotspot clients to see anybody else in their network neighborhood, so much so to have access to other clients machines. I have tired the example on the documentation on how to add an ip firewall rule to drop all-p2p, still doesnt fit my requirements. :cry:

I would be opening the wireless hotspot to the public soon so I dont want client complaining that their files are now open for everybody on the hotspot network to access! :x

Any help would be greatlly appreciated! :D

Robert
Top
 
OrCAD
Member Candidate
Member Candidate
Posts: 133
Joined: Wed Apr 20, 2005 12:37 pm

Fri May 27, 2005 3:31 pm

Unchecked Default forwarding in wireless interface....in my RB not work..
Second way is to create firewall rule:
forwarding - src-adr=(gateway ip) - dst-adr=(gateway ip) - action=drop

with this rule you can block user p2p traffic.
bye.
Top
 
User avatar
infomate
Member Candidate
Member Candidate
Topic Author
Posts: 114
Joined: Sat May 21, 2005 2:30 pm
Location: Dumaguete City, Philippines

Tue May 31, 2005 1:52 am

Thanks for the reply.

I have also been testing a new rule that I placed on the hotspot-temp.
I blocked ports 137, 138 and 139 on all protocols (action=drop)

So far, all windows clients can't see anybody on the network neighborhood. Hope this will help others.

Im happy with it. I will test it for another week. Will update soon.

Thanks again
Top
 
hzeid
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Tue Oct 12, 2004 11:57 am
Location: Lebanon

Thu Jul 21, 2005 11:51 am

I have also been testing a new rule that I placed on the hotspot-temp.
I blocked ports 137, 138 and 139 on all protocols (action=drop)
can u write the command lines pls cuase i did it and it didnt work with me. thanks man
Top
 
User avatar
infomate
Member Candidate
Member Candidate
Topic Author
Posts: 114
Joined: Sat May 21, 2005 2:30 pm
Location: Dumaguete City, Philippines

Thu Jul 21, 2005 3:00 pm

src-add=0.0.0.0 in-interface=all dst-addr=0.0.0.0/135-139 prot=tcp action=drop

do the same for udp.

apparentlly unchecking "default forwarding" only works on the wireless interface and not for an AP connected to a wired ether port on the MT.

do a little search on the archives, I seem to remember a few questions/resolutions posted before.

If you are offering your wireless system to the public, I would suggest that you inform users to turn off sharing under windows to prevent users appearing on their network neighborhood and oppening access to their system.


good luck.

Robert S.
Top
Post Reply

Who is online

Users browsing this forum: GoogleOther [Bot], kos and 35 guests
  4. RouterOS
  5. General