[Mikrotik] Restrict hotspot interface from snooping

Josh Luthman josh at imaginenetworksllc.com
Wed Jun 6 00:20:42 CDT 2012


I have an insecured wifi (virtual AP) on my home router.  I don't mind
people using it.  I do want to make it impossible for them to ever
reach anything they shouldn't.  If I do a new subnet on ether5 or my
known subnet on ether2 (home LAN).

I was thinking I could do something like accept
src-address=172.31.31.0/24 dst-address=gateway and then drop
everything else with that src but if it's masqueraded, would that
work?  Doesn't seem to, but I haven't tested it thoroughly.

Any other suggestions or methods to try?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


More information about the Mikrotik mailing list