Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Firewall NAT error

Locked
 
lgcaracol
just joined
Topic Author
Posts: 3
Joined: Mon Feb 06, 2017 1:44 am

Firewall NAT error

Mon Feb 06, 2017 1:59 am

Hi,

I'm setting up my Mikrotik router with a Guest Wifi network.
The problem is that I want to block all websites except for one or two in the guest network.
I've tried to follow some online examples, but when I'm configuring the NAT to redirect all traffic to port 8080 (web proxy), I select as In. Interface WLAN2 which is the wifi guest network, so that the blocking will apply only to the users who are on the guest network, but I got an error, as shown in the attached picture.
Image

If I select the In. Interface as bridge the rule works, but the blocking will apply to WLAN1 also, which is the passworded WLAN and shouldn't have any restrictions.
Anyone knows what is wrong here?

Thanks
Top
 
gustavomam
Trainer
Trainer
Posts: 287
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:
Contact gustavomam

Re: Firewall NAT error

Mon Feb 06, 2017 10:51 am

Hi.

I can't see your picture. Can you export your firewall configuration?
Top
 
lgcaracol
just joined
Topic Author
Posts: 3
Joined: Mon Feb 06, 2017 1:44 am

Re: Firewall NAT error

Mon Feb 06, 2017 11:53 am

Here you have the link with the picture:
https://www.dropbox.com/s/j7haohpdkmokf ... e.PNG?dl=0

I can't export the config now, as the router is at home and I'm at the office.
Top
 
gustavomam
Trainer
Trainer
Posts: 287
Joined: Tue Jul 23, 2013 6:29 pm
Location: Spain
Contact:
Contact gustavomam

Re: Firewall NAT error

Mon Feb 06, 2017 1:06 pm

In the newest version of RouterOs, this message is because you have wlan or some port inside a bridge. You need to apply the rule to the bridge

I you want two independent networks you can't have bridge ports. In order to have to different subnet you need an IP segment for each port or vlan
Top
 
lgcaracol
just joined
Topic Author
Posts: 3
Joined: Mon Feb 06, 2017 1:44 am

Re: Firewall NAT error

Tue Feb 07, 2017 12:53 am

Hi,

Let me explain what I need as probably it's easier.
I need to have a regular wlan network with password with no limitations and then a second (guest) wlan network without authentication and that has only access to 3 websites.
So I configured the guest wlan and was trying to set the rules for it.

What's the easiest way to accomplish what I need?

Thanks
Top
 
localloop
just joined
Posts: 8
Joined: Tue Jan 31, 2017 7:29 pm

Re: RE: Re: Firewall NAT error

Tue Feb 07, 2017 3:46 am

Hi,

Let me explain what I need as probably it's easier.
I need to have a regular wlan network with password with no limitations and then a second (guest) wlan network without authentication and that has only access to 3 websites.
So I configured the guest wlan and was trying to set the rules for it.

What's the easiest way to accomplish what I need?

Thanks
Assign your guest Network a different subnet.

Example
Your LAN - 192.168.1.0/24
WLAN - 192.168.2.0/24
Guest WLAN - 192.168.3.0/24

Change your firewall rule to match the bridge as the in interface and add an additional condition to match SRC to your guest WLAN subnet. 192.168.3.0/24 in our example.

Sent from my Nexus 6P using Tapatalk
Top
Locked
  4. RouterOS
  5. Beginner Basics