[Mikrotik] Restrict hotspot interface from snooping

Scott Reed sreed at nwwnet.net
Wed Jun 6 08:59:30 CDT 2012


Deny those addresses before the accept the port


On 6/6/2012 9:34 AM, Josh Luthman wrote:
> That would let them snoop on the office network.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Jun 6, 2012 7:50 AM, "Scott Reed"<sreed at nwwnet.net>  wrote:
>
>> What about accept src-address=172.31.31.0/24 out-interface=WAN
>> and deny everything else?
>>
>> On 6/6/2012 1:20 AM, Josh Luthman wrote:
>>
>>> I have an insecured wifi (virtual AP) on my home router.  I don't mind
>>> people using it.  I do want to make it impossible for them to ever
>>> reach anything they shouldn't.  If I do a new subnet on ether5 or my
>>> known subnet on ether2 (home LAN).
>>>
>>> I was thinking I could do something like accept
>>> src-address=172.31.31.0/24 dst-address=gateway and then drop
>>> everything else with that src but if it's masqueraded, would that
>>> work?  Doesn't seem to, but I haven't tested it thoroughly.
>>>
>>> Any other suggestions or methods to try?
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>> ______________________________**_________________
>>> Mikrotik mailing list
>>> Mikrotik at mail.butchevans.com
>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>>
>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>> RouterOS
>>>
>>>
>>> -----
>>> No virus found in this message.
>>> Checked by AVG - www.avg.com
>>> Version: 2012.0.2178 / Virus Database: 2433/5046 - Release Date: 06/05/12
>>>
>>>
>>>
>> --
>> Scott Reed
>> Owner
>> NewWays Networking, LLC
>> Wireless Networking
>> Network Design, Installation and Administration
>>
>>
>>
>> Mikrotik Advanced Certified
>>
>> www.nwwnet.net
>> (765) 855-1060
>> (765) 439-4253
>> (855) 231-6239
>>
>>
>> ______________________________**_________________
>> Mikrotik mailing list
>> Mikrotik at mail.butchevans.com
>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:<http://www.butchevans.com/pipermail/mikrotik/attachments/20120606/6be2b2b1/attachment.html>
> _______________________________________________
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
>
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 2012.0.2178 / Virus Database: 2433/5051 - Release Date: 06/06/12
>
>

-- 
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration



Mikrotik Advanced Certified

www.nwwnet.net
(765) 855-1060
(765) 439-4253
(855) 231-6239




More information about the Mikrotik mailing list