14 April 2011

Restrict Interconnection between LANs on Mikrotik

I have 2 LANs on different interface ports of a Mikrotik RB1100. LAN A uses port eth9 and LAN B uses port eth10. LAN A uses IP address range 192.168.16.0/24 and LAN B uses IP address range 192.168.17.0/24. Eth9 has IP address 192.168.16.1 and eth10 has 192.168.17.1.

The rule is: clients on LAN A can't connect to clients on LAN B, except for IP addresses 192.168.x.y, where x = 16 and 17; y = 1 through 6.

Therefore 192.168.16.10 can't connect to 192.168.17.8, but can connect to 192.168.17.2. Likewise, 192.168.17.10 can't connect to 192.168.16.8, but can connect to 192.168.16.2.

To do this, run Winbox and log in to the RB1100. Click menu IP --> Firewall --> Filter Rules.

Rule #1:
Click +. On the General tab, set Chain: forward, Src. Address: 192.168.16.0/29, Dst. Address: 192.168.17.0/29. On the Action tab, set Action: accept. Click Apply --> OK.

Rule #2:
Click +. On the General tab, set Chain: forward, Src. Address: 192.168.16.0/24, Dst. Address: 192.168.17.0/24. On the Action tab, set Action: drop. Click Apply --> OK.

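Be careful not to swap rule #1 and rule #2. Filter rules are evaluated from top to bottom and the first match decides, so if the drop rule comes first, the accept rule is never reached.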
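To check what the two rules do before relying on them, here is an added example (not part of the original post) that models first-match evaluation of the rules exactly as entered above and reports the verdict per packet, in both rule orders. It assumes a stateless, packet-by-packet view and that a packet matching no rule is accepted; the function names and sample packets are made up for this example.

```python
import ipaddress

# The two forward-chain rules from the steps above, in the order entered.
RULES = [
    ("192.168.16.0/29", "192.168.17.0/29", "accept"),  # rule #1
    ("192.168.16.0/24", "192.168.17.0/24", "drop"),    # rule #2
]

def verdict(src, dst, rules=RULES):
    """Return (action, rule_number) for one packet; first matching rule wins.

    Assumption: a packet that matches no rule is accepted, since the page
    adds no other rules to the forward chain. rule_number is None then.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (src_net, dst_net, action) in enumerate(rules, start=1):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action, n
    return "accept", None

def table(packets, rules=RULES):
    """Evaluate a list of (src, dst) pairs and return their verdicts."""
    return [(src, dst) + verdict(src, dst, rules) for src, dst in packets]

# Constructed sample packets (addresses chosen from the two LANs on the page).
SAMPLES = [
    ("192.168.16.2", "192.168.17.2"),   # both ends inside the /29 blocks
    ("192.168.16.10", "192.168.17.8"),  # neither end inside a /29 block
    ("192.168.16.10", "192.168.17.2"),  # only the destination inside a /29
    ("192.168.17.2", "192.168.16.2"),   # LAN B -> LAN A: no rule has this direction
]

if __name__ == "__main__":
    print("rules as entered:")
    for row in table(SAMPLES):
        print("  %-14s -> %-14s %-6s rule=%s" % row)
    print("rules inverted:")
    for row in table(SAMPLES, RULES[::-1]):
        print("  %-14s -> %-14s %-6s rule=%s" % row)
```

As entered, rule #1 accepts a packet only when both its source and its destination fall inside the /29 blocks, and neither rule matches packets whose source is on LAN B. With the rules inverted, every LAN A to LAN B packet hits the drop rule first.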
