
Partial client isolation: HELP

Posted: Sun Oct 23, 2005 12:14 pm
by netking80
Hello, in brief my situation is the following:

Many wireless clients on a single Atheros (192.168.2.0/24).
Default forwarding disabled to isolate clients. (If not, I'd have to configure a single-machine firewall and it's boring and long.)
I want 192.168.2.34 to reach remote desktop at office 192.168.2.67
With this configuration, it's impossible. Filter rules also log nothing.
How to do that? WinXP remote desktop is port-locked so it's impossible to think about port redirection with a central server for dst-nat (for many p-t-p client connections).

Any ideas, guys? Is it possible to create a "bridge" (improper definition??) between only two mac addresses at a time?
Help would be VERY VERY VERY appreciated!

Thanks!
Sergio

Posted: Mon Oct 24, 2005 12:02 pm
by normis
You can just override the default forwarding setting with the access list: add your desired clients in the access list with authentication=yes and forwarding=yes.

Posted: Tue Oct 25, 2005 6:45 pm
by netking80
Yes, but this way I allow any IP in the access list to forward to the others, so I really create a group of people who can share something, not couples of people sharing private things!

Posted: Tue Oct 25, 2005 8:30 pm
by acim
Hmm, I am not sure about Mikrotik settings, but with vanilla Linux it should work this way. You stop (radio) forwarding by default and in your FORWARD chain of the firewall you allow forwarding just between the IP (or MAC) addresses you wish. Of course, here you have radio forwarding, not just IP forwarding, so if the previous solutions don't work, maybe you should try to allow all radio forwarding by default, then allow just specific IP (or MAC) forwarding in the FORWARD chain of the firewall, and finally forbid all forwarding in the firewall (this should cut the rest of the IP forwarding which you didn't explicitly allow). This is just a tip, please ignore if I am wrong.
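The pair-wise FORWARD-chain approach acim describes, as an added example for a Linux access point (not from this thread and not MikroTik configuration). It assumes a hypothetical interface wlan0, that the AP already does not forward client-to-client frames at layer 2 (hostapd's ap_isolate or the driver's equivalent), and it enables proxy ARP on wlan0 so that a client's traffic for another client is handed to the AP and routed through the FORWARD chain, where only listed pairs may open RDP (TCP/3389) and everything else between clients is logged and dropped.

```shell
#!/bin/sh
# Added example, not the thread's own configuration. Assumed names: wlan0, 192.168.2.0/24.
# Prerequisite (assumed): the AP does not bridge frames between wireless clients itself,
# otherwise client-to-client packets never reach the IP FORWARD chain.
WLAN=wlan0
LAN=192.168.2.0/24

# Emit the iptables command for one allowed pair: $1 may open TCP/$3 (default 3389, RDP) to $2.
# Replies are covered by the ESTABLISHED rule, so only the initiating direction is listed.
pair_rule() {
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$WLAN" "$WLAN" "$1" "$2" "${3:-3389}"
}

# Emit the whole policy: routing + proxy ARP, default DROP, stateful baseline,
# one rule per "src dst [port]" line read from stdin, then log and drop any other
# hairpin traffic between clients on $WLAN (the explicit rules exist so drops get logged).
gen_rules() {
    printf 'sysctl -w net.ipv4.ip_forward=1 net.ipv4.conf.%s.proxy_arp=1\n' "$WLAN"
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    while read -r src dst port; do
        [ -n "$src" ] && pair_rule "$src" "$dst" "$port"
    done
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j LOG --log-prefix "wlan-hairpin-drop "\n' \
        "$WLAN" "$WLAN" "$LAN" "$LAN"
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -j DROP\n' "$WLAN" "$WLAN" "$LAN" "$LAN"
}

# Constructed sample pairs: the thread's 192.168.2.34 -> 192.168.2.67, plus a second client.
PAIRS='192.168.2.34 192.168.2.67
192.168.2.50 192.168.2.67 3389'

# Default: print the generated rules for review. APPLY=1 (as root) installs them.
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$PAIRS" | gen_rules | sh -e
else
    printf '%s\n' "$PAIRS" | gen_rules
fi
```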

Posted: Wed Oct 26, 2005 8:54 pm
by netking80
I think I'll have to enable, as acim says, forwarding for all clients, but instead of loading MT's CPU with many firewall rules I'll set up the clients' firewalls to receive only (if needed) the related partner's frames.

Thanks to everybody!