Channel: MikroTik

Wireless Networking • CapsMan Firewall

I am running a Caps AC with CapsMan and created a guest wifi network based on a VLAN:
Code:
/interface wireless
add disabled=no mac-address=1A:FD:74:76:FE:76 master-interface=wlan1 mode=station name=wlan3
/interface vlan
add interface=bridge name=vlan13 vlan-id=13
/caps-man datapath
add bridge=bridge client-to-client-forwarding=no local-forwarding=yes name=datapath-VL13 vlan-id=13 vlan-mode=use-tag
/caps-man configuration
add channel=channel24 country=germany datapath=datapath-VL13 installation=indoor mode=ap name=Guest security=Guest ssid=Guest
To separate this from the internal network I've added some firewall rules:
Code:
/ip firewall filter
add action=drop chain=input comment="drop packets into internal lan from guest vlan13" dst-address=10.10.0.0/16 in-interface=vlan13
add action=drop chain=input dst-address=192.168.13.1 in-interface=vlan13 protocol=tcp src-address=192.168.13.0/24
add action=drop chain=forward dst-address=10.10.0.0/16 in-interface=vlan13
add action=drop chain=forward disabled=yes dst-address=192.168.13.1 src-address=192.168.13.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="nat vlan13 into lan if dest is outside lan" dst-address=!10.10.0.0/16 src-address=192.168.13.0/24 to-addresses=10.10.10.120
This seems to work fine. Then I added another Caps AC which also gets the settings from the CapsMan. But it surprised me when testing this new AP that I could not reach the internal network from it although I had not created any firewall rules yet. Is CapsMan also sending its firewall rules or what is the reason for this?

Statistics: Posted by stoffel24 — Mon Jan 22, 2024 10:59 pm


