![Polyworks 2021 download](https://cdn3.cdnme.se/5447227/9-3/screenshot_3_64e629479606ee7f889a24a8.jpg)
![mikrotik basic firewall mikrotik basic firewall](https://4.bp.blogspot.com/-lEqAhCtXnw4/WCY-bWbr-YI/AAAAAAAAAEQ/J4tOzNRXvtIIK1xKfK1FmTPoKLWvsr-dACPcB/s1600/mikrotik%2Bgede.png)
You want to masquerade all traffic NOT destined for 192.168.0.0/16. No rules except for a single masquerade entry. THIS IS IMPORTANT!!!įirst, set up everything to work without restriction. You FULLY intend to circle back once everthing is working and ENABLE HTTPS on your server.You don't want anyone from the WIFI to be able to reach your LAN except for HTTP or DNS.You do not want anyone from the WAN or PPPoE to be able to reach your LAN.I'm going to write this up from memory because I don't have an unused router handy at the moment, but this should work. This configuration has been made far more complicated than necessary. NOTE: Skip to TLDR if you just want the direct answer. Scenario is access WIFI users to internet by authentication and access local server locally and free.Īlso public web access to my server from internet. I have created dst-nat from my public IP x.x.x.x to local server IP.Īnother dst-nat from LAN to server LAN IP address.Īlso SRC NAT to masqurade, LAN and WIFI connections to server.Īnother SRC-NAT masqurade for access internet.Īlso mikrotik DNS service used to get records and catch from my local server DNS service.Īll things work good, until, I want create hotspot service on WIFI interface.ĭynamic firewall filters and NATs destroy all things work. I have created rules for block incoming connection from internet, except 80,53. I have a windows server with DNS, HTTP services on LAN interface, and 1 wireless access point on WIFI interface. I have a PPOE client to connect over WAN to ISP and get static public IP I have a router os installed on a virtual server, with 3 interfaces:
![Polyworks 2021 download](https://cdn3.cdnme.se/5447227/9-3/screenshot_3_64e629479606ee7f889a24a8.jpg)