Thank you for all the tips, but I'm making a mistake somewhere. Whatever I set, I can always connect to the rb from VLAN10. The only working rule I have is that LAN and VLAN10 don't communicate with each other
add action=drop chain=forward in-interface=LAN out-interface=VLAN10
add action=drop chain=forward in-interface=VLAN10 out-interface=LAN
To the firewall rules I added your tips and then something more or less universal that I found on the MikroTik page https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter, adjusting the IPs to mine. Still nothing.
add action=drop chain=input dst-port=8291 in-interface=LAN port="" protocol=\
tcp
add chain=input comment="Accept established and related packets" \
connection-state=established,related
add chain=input comment="Accept all connections from local network" \
in-interface=LAN
add action=drop chain=input comment="Drop invalid packets" connection-state=\
invalid
add action=drop chain=input comment=\
"Drop all packets which are not destined to routes IP address" \
dst-address-type=!local
add action=drop chain=input comment=\
"Drop all packets which does not have unicast source IP address" \
src-address-type=!unicast
add action=drop chain=input comment="Drop all packets from public internet whi\
ch should not exist in public network" in-interface=WAN src-address-list=\
NotPublic
add chain=forward comment="Accept established and related packets" \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid packets" \
connection-state=invalid
add action=drop chain=forward comment=\
"Drop new connections from internet which are not dst-natted" \
connection-nat-state=!dstnat connection-state=new in-interface=WAN
add action=drop chain=forward comment="Drop all packets from public internet w\
hich should not exist in public network" in-interface=WAN \
src-address-list=NotPublic
add action=drop chain=forward comment="Drop all packets from local network to \
internet which should not exist in public network" dst-address-list=\
NotPublic in-interface=LAN
add action=drop chain=forward comment="Drop all packets in local network which\
\_does not have local network address" in-interface=LAN src-address=\
!162.16.0.0/24
This didn't help either
/ip service
set winbox address=172.16.1.0/24
I'm surely mixing everything up, but I can't figure it out. Is there, for example, some literature where I could understand more? I'll gladly buy a book to work it out. I don't want to have it configured just because someone wrote it for me.
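
An added example, not part of the post above: a small Python model that walks the posted input chain top to bottom with first-match semantics, to show which rule decides a new Winbox connection (tcp/8291) arriving on LAN versus VLAN10. It assumes VLAN10 is matched as its own in-interface, as in the forward rules of the post; the packet field names, the sample packets and the extra VLAN10 drop rule are hypothetical.

```python
# Added example: first-match walk of the input chain from the post.
# Field names and sample packets are constructed for illustration.
INPUT_CHAIN = [  # posted order; a rule with no action= is an accept
    ("drop",   {"in_interface": "LAN", "protocol": "tcp", "dst_port": 8291}),
    ("accept", {"connection_state": {"established", "related"}}),
    ("accept", {"in_interface": "LAN"}),
    ("drop",   {"connection_state": {"invalid"}}),
    ("drop",   {"dst_address_type": "!local"}),
    ("drop",   {"src_address_type": "!unicast"}),
    ("drop",   {"in_interface": "WAN", "src_in_notpublic": True}),
]
# Hypothetical extra rule (not in the post): drop whatever else enters via VLAN10.
WITH_VLAN10_DROP = INPUT_CHAIN + [("drop", {"in_interface": "VLAN10"})]


def matches(cond, pkt):
    """True when every matcher of the rule agrees with the packet."""
    for field, want in cond.items():
        have = pkt[field]
        if isinstance(want, set):          # e.g. connection-state=established,related
            ok = have in want
        elif isinstance(want, str) and want.startswith("!"):   # negated matcher
            ok = have != want[1:]
        else:
            ok = have == want
        if not ok:
            return False
    return True


def evaluate(chain, pkt):
    """Return (verdict, index of deciding rule); index is None on fall-through."""
    for index, (action, cond) in enumerate(chain):
        if matches(cond, pkt):
            return action, index
    return "accept", None  # no rule matched: the filter lets the packet through


def new_winbox(in_interface):
    """Constructed packet: first packet of a Winbox session to the router."""
    return {"in_interface": in_interface, "protocol": "tcp", "dst_port": 8291,
            "connection_state": "new", "dst_address_type": "local",
            "src_address_type": "unicast", "src_in_notpublic": True}


if __name__ == "__main__":
    for name, chain in (("posted", INPUT_CHAIN), ("with drop", WITH_VLAN10_DROP)):
        for iface in ("LAN", "VLAN10"):
            print(name, iface, evaluate(chain, new_winbox(iface)))
```
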