Mikrotik and a firewall

A

adam23450

Contributor
Joined
Feb 19, 2020
Messages
142
I would like to block access to my switch on my LAN which has an IP address of 192.168.0.2 for the entire LAN and allow for a given address in the LAN, ie 192.168.0.5. How to make these rules? I've been struggling with it for 2 days and I can't think of anything.
 
jgreco

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Uh, what? How is your firewall going to do that? It is not between your client and your switch.

If you want to block access to a switch's management IP, you need one of the following:

1) have the switch's management port to be on the far side of the firewall (perhaps on a different VLAN routed by the firewall/router)

2) have the switch's management port ACL'd off by the switch's software that defines what hosts are allowed to access it

3) have the switch's silicon do filtering ("on-network firewalling")

These require progressively more advanced switches. The cheapest consumer-grade switches don't offer VLAN's, the lowest tier of IP-enabled switches may not allow ACL's for management, and it takes a mid-tier enterprise grade switch to do filtering.
 
A

adam23450

Contributor
Joined
Feb 19, 2020
Messages
142
jgreco said:
Uh, what? How is your firewall going to do that? It is not between your client and your switch.

If you want to block access to a switch's management IP, you need one of the following:

1) have the switch's management port to be on the far side of the firewall (perhaps on a different VLAN routed by the firewall/router)

2) have the switch's management port ACL'd off by the switch's software that defines what hosts are allowed to access it

3) have the switch's silicon do filtering ("on-network firewalling")

These require progressively more advanced switches. The cheapest consumer-grade switches don't offer VLAN's, the lowest tier of IP-enabled switches may not allow ACL's for management, and it takes a mid-tier enterprise grade switch to do filtering.
Click to expand...
Will I do point 2 in the switchos software from mikrotik?
 
Etorix

Etorix

Wizard
Joined
Dec 30, 2020
Messages
2,134
Assuming the computer at 192.168.0.5 has two Ethernet ports, link the second port to the management interface of the Microtik switch with a crossover cable and define a static route. Configure the switch so that no traffic is routed between the management port and other ports.
 
A

adam23450

Contributor
Joined
Feb 19, 2020
Messages
142
Etorix said:
Assuming the computer at 192.168.0.5 has two Ethernet ports, link the second port to the management interface of the Microtik switch with a crossover cable and define a static route. Configure the switch so that no traffic is routed between the management port and other ports.
Click to expand...
My network looks like this.
One more question.
How to restrict access to the management of FreeNas over the Internet also to the address 192.168.0.5
FreeNas has an IP address of 192.168.0.9
mikrotik.PNG
 
You must log in or register to reply here.

Similar threads

P
  • Locked
FTP through MikroTik firewall
Replies
3
Views
20K
Plamen Kolev
P
T
  • Locked
FreeNAS and jails are not accessible through VPN
Replies
5
Views
3K
dlavigne
D
DrKK
How FiOS Works, and How To Ditch Verizon's Equipment
2
Replies
27
Views
56K
nrapopor
N
J
Advice needed - how to set firewall rules for a jail?
Replies
4
Views
3K
jjb2018
J
N
Firewall Rules Scale
Replies
4
Views
9K
NicJak
N
Top