Block access to other network devices, Allow access to internet.

Posted on 2011-10-24
Last Modified: 2012-05-12

I need to allow one of the computers on my network access to the internet while blockning access to ANY of the local devices. (Other PC's on the network)

I am using MikroTik as my router. I'm familiar with that platform, just not specifically how to set THIS up.

Any advice would be very much appreciated.

Thank you in advance!
Question by:VCSLI
    LVL 4

    Expert Comment

    Hi VCSLI,

    Assuming that you use the Mikrotik to connect to the internet and your LAN is connected to the LAN port on the Routerboard, you need to access the Routerboard using the Winbox application. Once connected use the firewall and add 2 rules to the wireless interface.

    The first rule needs to be an accept rule for the IP address you want to allow through and the second rule needs to be a drop rule for

    Please take care not to drop all traffic to the LAN interface as this will stop you from using the Winbox application and you would need to reset the device in order to regain access.

    Author Comment

    I'm worry i dont follow you.

    If i allow SRC-ADDR to DST
    and then Drop SRC-ADDR to DST

    How does that help? :P

    This isn't for wireless, this is for a server i'm letting a customer use temporarily i want them to access the internet, but not anything on my network..
    LVL 13

    Accepted Solution

    if your client is to have control of the server you must use vlan to separate from your local network
    LVL 6

    Expert Comment

    I agree with Greg_Heji. Putting that server on a separate VLAN would probably be the easiest way to accomplish what you want.

    Author Closing Comment

    This was good advice, thank you!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now