
Guest network firewall

Posted: Sat Sep 09, 2017 8:57 am
by hendry
I have a spare Mikrotik that I quickly want to use temporarily to provide password-free guest wifi access.

However, I don't want it to be able to access my LAN's 192.168.1.x range. First off, I'm confused by Fast track and Passthrough. What I currently have here doesn't work, since everything is permitted. What am I missing?
[hendry@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough

 1    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp

 2    ;;; defconf: accept established,related
      chain=input action=accept connection-state=established,related

 3    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether1

 4 X  ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related

 5    chain=input action=drop src-address=192.168.88.0/24 dst-address=192.168.1.0/24 log=no log-prefix=""

 6    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related

 7    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid

 8    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1
Thanks in advance!

Re: Guest network firewall

Posted: Sat Sep 09, 2017 3:16 pm
by Sob
Check this thread:

viewtopic.php?f=13&t=125175

Just ignore the part about bridge (their bridge1 = your etherX) and instead of creating virtual AP use wlan1.
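
Added example, not part of either post: a minimal first-match model of the enabled rules from the posted print output. It shows that guest traffic routed on to 192.168.1.x is evaluated in chain=forward, where the posted ruleset has no matching drop, and that the same match in chain=forward blocks it. The router addresses, the guest client address and wlan1 as the guest-side interface are assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed router addresses (constructed; the thread does not state them).
ROUTER_ADDRS = {ip_address("192.168.88.1"), ip_address("192.168.1.2")}
GUEST, LAN = ip_network("192.168.88.0/24"), ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")

def rule(chain, action, **match):
    return {"chain": chain, "action": action, **match}

# Enabled rules from the posted print output (dummy rule 0, disabled rule 4 omitted).
POSTED = [
    rule("input", "accept", protocol="icmp"),
    rule("input", "accept", state={"established", "related"}),
    rule("input", "drop", in_if="ether1"),
    rule("input", "drop", src=GUEST, dst=LAN),  # rule 5 as posted
    rule("forward", "accept", state={"established", "related"}),
    rule("forward", "drop", state={"invalid"}),
    rule("forward", "drop", state={"new"}, in_if="ether1", dstnat=False),
]
# Same match as rule 5, placed in the chain that sees routed traffic.
FIXED = POSTED + [rule("forward", "drop", src=GUEST, dst=LAN)]

def matches(r, p):
    # A matcher absent from the rule matches every packet.
    return (r.get("protocol", p["protocol"]) == p["protocol"]
            and r.get("in_if", p["in_if"]) == p["in_if"]
            and r.get("dstnat", p["dstnat"]) == p["dstnat"]
            and p["state"] in r.get("state", {p["state"]})
            and p["src"] in r.get("src", ANY)
            and p["dst"] in r.get("dst", ANY))

def evaluate(rules, p):
    # Packets addressed to the router go to input; routed packets go to forward.
    chain = "input" if p["dst"] in ROUTER_ADDRS else "forward"
    for r in rules:
        if r["chain"] == chain and matches(r, p):
            return chain, r["action"]
    return chain, "accept"  # no rule matched: RouterOS accepts the packet

def packet(dst, src="192.168.88.50", in_if="wlan1", protocol="tcp", state="new"):
    # Constructed sample packet; defaults model a new TCP connection from a guest.
    return {"src": ip_address(src), "dst": ip_address(dst), "in_if": in_if,
            "protocol": protocol, "state": state, "dstnat": False}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("fixed", FIXED)):
        for dst in ("192.168.1.10", "192.168.1.2", "8.8.8.8"):
            print(name, dst, evaluate(rules, packet(dst)))
```

In the model, appending the forward rule is enough because no earlier forward rule accepts new connections from the guest side; established replies still pass through the accept established,related rule.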