Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 2:06 am
by calabash
I'm afraid I have this wonderful router... and I don't know how to use it yet. I could use some assistance in configuring our Campus for summer school.
My old, puny router (linksys SOHO router) had a table that I could type in ip addresses from my static lan. Then those PCs could access our servers, but had no internet connectivity.
How do I do this with a MikroTik router? I don't even know the proper name for what I want to do. I can read and understand directions however, so if someone could point me to a page in the manual or just tell me where on the menu to go, that would be wonderful.
I also need to do this remotely, or perhaps a cron job... on the router? Or from my Linux box?
T.I.A.
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 8:29 pm
by calabash
And a <bump> to the top, for hope.
t.i.a.
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 8:34 pm
by mrz
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 8:48 pm
by calabash
Ah.. I've been there. I honestly have tried to use the manual. I can't understand it. And I'm working to correct that by studying.
In the meantime, however, this router has been set up and I need to modify it to block internal (static) IPs from going outbound/inbound w/packets. What is that called?
I know it is not the first 5 bullet points on the routing page you linked. I looked in the Routing Questions section, is what I want to do called "blackhole"ing?
If I could just have the correct terminology, then I would have a chance to follow the manual. As you can see, without knowing what I want to do is called, it makes finding the section near to impossible to do in a short time period.
T.I.A.
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 9:00 pm
by mrz
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 9:19 pm
by calabash
Okay. I think that I've figured out where I used to do this on the Linksys SOHO router. It disallowed IPs in its NAT section. I think when I loaded the IP addresses there, I was saying "do NOT translate these IPs to our external IP address" and therefore the PCs were blocked.
But what you're saying is now I have a real router and I must use firewall rules? Right?
And those rules are put down in the form of a function embedded in a chain?
I'm trying to read it. I just hope I don't bork the router completely.
So I want to modify the output chain.. yes?
t.i.a.
Re: Block internal ip from accessing internet
Posted: Fri Jun 15, 2007 10:19 pm
by cahook
You would be modifying the forward chain. Keep in mind the functions of the chains: input is for traffic to the router itself, output is traffic from the router to something else (traffic which originates within the router), and forward is for traffic that comes from somewhere and needs to go somewhere else. (That traffic only transits the router; it does not originate or terminate there.)
Re: Block internal ip from accessing internet
Posted: Sat Jun 16, 2007 1:02 am
by calabash
So... I would -
add chain=forward protocol=tcp dst-address=192.168.0.141 drop comment="Block this IP"
?
If you could see my expressions as I try to interpret all those properties... priceless. My brain is going to asplode now....
Help?!
Re: Block internal ip from accessing internet
Posted: Thu Mar 03, 2011 7:10 am
by Mashimoto
change dst-address to src-address
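Added example, not part of any post in this thread: the forward-chain rule discussed above written out in full, using an address list so several static IPs can be blocked with one rule, and matching only traffic leaving through the WAN port so the same PCs can still reach servers on other internal subnets. The interface name `ether1`, the list name `no-internet`, the second address and the schedule times are assumptions.

```routeros
# Assumptions (not from the thread): the WAN interface is named "ether1",
# the list is called "no-internet", and 192.168.0.142 is a constructed
# second host. 192.168.0.141 is the address used in the thread.

# 1. Collect the restricted PCs in one address list.
/ip firewall address-list
add list=no-internet address=192.168.0.141 comment="summer school PC"
add list=no-internet address=192.168.0.142 comment="summer school PC"

# 2. Drop traffic that originates from those PCs and transits the router
#    toward the internet. This is the forward chain (not input or output),
#    and the match is on src-address-list because the PCs are the source.
#    No protocol= is given, so TCP, UDP and ICMP are all dropped.
#    Rules are evaluated top to bottom: this rule must sit above any
#    forward-chain rule that would accept the same traffic.
/ip firewall filter
add chain=forward src-address-list=no-internet out-interface=ether1 \
    action=drop comment="no-internet: block outbound"

# 3. Optional: let the router switch the rule on and off by itself,
#    instead of running a cron job from another machine.
/system scheduler
add name=no-internet-on start-time=08:00:00 interval=1d \
    on-event="/ip firewall filter enable [find comment=\"no-internet: block outbound\"]"
add name=no-internet-off start-time=16:00:00 interval=1d \
    on-event="/ip firewall filter disable [find comment=\"no-internet: block outbound\"]"

# 4. Check the result: the packet counter on the drop rule should rise
#    when a listed PC tries to reach an outside address.
/ip firewall filter print stats where comment="no-internet: block outbound"
```

Adding or removing a PC afterwards only means editing the address list; the filter rule itself does not change.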