sergiobaiao
just joined
Topic Author
Posts: 11
Joined: Tue Feb 14, 2012 1:38 am

Multilan Routing

Thu Aug 29, 2013 3:03 am

Hi people,

Can you give me some advice on this setup:

Image

Some observations:
1- There are two wireless links between the two sides of the network. The total distance between each side is at most 7 kilometers. Those wireless links are already up and running. One of them is using Ubiquiti's Rocket M5 radios, and the other one is using Airaya radios. Those links were set to be transparent bridges. The reason for two links is just failover.

In the scenario above, I have the following problems that I need to solve.

1- The internet link is coming to a router on one side of the network, and should be used by all 3 LANs and by the servers on the DMZ.

2- I need to assign public IP addresses to some servers in the DMZ. How can I do it? Should I bridge the WAN port on the RB with the LAN port used by the wireless bridge and just set the public IP on the other side's RB?

3- I need to block traffic between the LANs so they won't propagate security issues. Do I need to just block NetBIOS traffic or should I create VLANs?

4- Am I going to have loop problems because of the two wireless links being used as bridges? If so, how can I prevent this?


I really need some help on this, but there's no need for a step-by-step solution. If someone is able to do it, I would really appreciate it, but a few tips can lead me to a north ;)

Thanks in advance
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Multilan Routing

Sun Sep 15, 2013 7:41 am

1- The internet link is coming to a router on one side of the network, and should be used by all 3 LANs and by the servers on the DMZ

Just make a NAT rule (srcnat masquerade) so everyone can access the internet, and set 2 default gateways (one for each ISP) so all networks will be able to access the internet and it will auto-failover if there is a failure at one of the ISPs.

2- I need to assign public IP addresses to some servers in the DMZ. How can I do it? Should I bridge the WAN port on the RB with the LAN port used by the wireless bridge and just set the public IP on the other side's RB?

You need 1:1 IP Mapping: http://wiki.mikrotik.com/wiki/Manual:IP ... :1_mapping

3- I need to block traffic between the LANs so they won't propagate security issues. Do I need to just block NetBIOS traffic or should I create VLANs?

You should use a firewall rule to drop all traffic between networks (in-interface=lan1 out-interface=lan2 action=drop, and in-interface=lan2 out-interface=lan1 action=drop).

4- Am I going to have loop problems because of the two wireless links being used as bridges? If so, how can I prevent this?

STP in the interface settings will stop loops.
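
The four answers above written out as one RouterOS configuration, added here as an example and not posted by anyone in the thread. Interface names, the bridge name, the HTTPS service and all addresses (private and documentation ranges) are assumptions; it shows that three LANs need a drop rule for every ordered pair and that the 1:1 rules have to sit above the masquerade rule, because NAT rules match in order.

```routeros
# Added example. Assumed names: ether1-wan, lan1..lan3, ether3-rocket,
# ether4-airaya, bridge-wlinks. Addresses are private/documentation ranges.

# (2) 1:1 mapping for one DMZ server: public 203.0.113.3 <-> 192.168.100.10.
#     Added first so it is evaluated before the masquerade rule below.
/ip address add address=203.0.113.3/29 interface=ether1-wan comment="DMZ server public IP"
/ip firewall nat add chain=dstnat dst-address=203.0.113.3 action=netmap to-addresses=192.168.100.10
/ip firewall nat add chain=srcnat src-address=192.168.100.10 out-interface=ether1-wan action=netmap to-addresses=203.0.113.3

# (1) Everything else leaves through the router's own WAN address.
#     A second uplink would get its own masquerade rule and a default
#     route with a higher distance.
/ip firewall nat add chain=srcnat out-interface=ether1-wan action=masquerade
/ip route add dst-address=0.0.0.0/0 gateway=203.0.113.1 check-gateway=ping

# A 1:1 mapping exposes every port of the server, so admit only the
# published service (HTTPS assumed here) and drop other new inbound flows.
/ip firewall filter add chain=forward in-interface=ether1-wan dst-address=192.168.100.10 protocol=tcp dst-port=443 action=accept
/ip firewall filter add chain=forward in-interface=ether1-wan dst-address=192.168.100.10 connection-state=new action=drop

# (3) Isolate the LANs from each other: one rule per ordered pair.
#     Two rules cover two LANs; three LANs need six.
/ip firewall filter add chain=forward in-interface=lan1 out-interface=lan2 action=drop
/ip firewall filter add chain=forward in-interface=lan2 out-interface=lan1 action=drop
/ip firewall filter add chain=forward in-interface=lan1 out-interface=lan3 action=drop
/ip firewall filter add chain=forward in-interface=lan3 out-interface=lan1 action=drop
/ip firewall filter add chain=forward in-interface=lan2 out-interface=lan3 action=drop
/ip firewall filter add chain=forward in-interface=lan3 out-interface=lan2 action=drop

# (4) Both wireless links terminate on one bridge with spanning tree on.
#     The higher path cost keeps the second link blocked until the first
#     one fails. Apply the same bridge settings on the router at each end.
/interface bridge add name=bridge-wlinks protocol-mode=rstp
/interface bridge port add bridge=bridge-wlinks interface=ether3-rocket path-cost=10
/interface bridge port add bridge=bridge-wlinks interface=ether4-airaya path-cost=20

# Check which port spanning tree has put in the backup/alternate role.
/interface bridge port print
```

Spanning tree only works here if the radios forward BPDUs unchanged, which is worth confirming on both links before relying on it for failover.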
