[Mikrotik] Restrict hotspot interface from snooping
josh at imaginenetworksllc.com
Wed Jun 6 08:34:05 CDT 2012
That would let them snoop on the office network.
1100 Wayne St
Troy, OH 45373
On Jun 6, 2012 7:50 AM, "Scott Reed" <sreed at nwwnet.net> wrote:
> What about accept src-address=172.31.31.0/24 out-interface=WAN
> and deny everything else?
> On 6/6/2012 1:20 AM, Josh Luthman wrote:
>> I have an insecured wifi (virtual AP) on my home router. I don't mind
>> people using it. I do want to make it impossible for them to ever
>> reach anything they shouldn't. If I do a new subnet on ether5 or my
>> known subnet on ether2 (home LAN).
>> I was thinking I could do something like accept
>> src-address=172.31.31.0/24 dst-address=gateway and then drop
>> everything else with that src but if it's masqueraded, would that
>> work? Doesn't seem to, but I haven't tested it thoroughly.
>> Any other suggestions or methods to try?
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> Mikrotik mailing list
>> Mikrotik at mail.butchevans.com
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.2178 / Virus Database: 2433/5046 - Release Date: 06/05/12
> Scott Reed
> NewWays Networking, LLC
> Wireless Networking
> Network Design, Installation and Administration
> Mikrotik Advanced Certified
> (765) 855-1060
> (765) 439-4253
> (855) 231-6239
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mikrotik