Isolation port configuration on MikroTik devices
Isolation port configuration on MikroTik devices
Hi everyone. I'm using a Mikrotik HAP Lite router with Nextcloud set up on Ethernet port 4, a WAN port on Ethernet port 1, and LAN connected via Ethernet port 2. After initial setup in RuterOS, I removed Ethernet port 4 from the bridge and enabled port isolation. Now Nextcloud is only allowed to communicate through Ethernet port 1 (WAN). My concern is whether this setup protects my network: if someone compromises the Nextcloud server, can they still reach my PCs on Ethernet port 2?
You're wondering if hosting your Nextcloud server in a DMZ isn't feasible.
I don’t understand how to set it up. I’m using Nextcloud with a Nginx reverse proxy, which is a configuration I’m comfortable with. I think running the service on an isolated port on Mikrotik should work, but I’m not sure. When I try to reach my local PC from the Nextcloud VM via the command line, it times out.