 
abdurraufrafli
just joined
Topic Author
Posts: 5
Joined: Fri Jan 19, 2024 7:56 am

Try changing the bridge topology because it is prone to looping

Tue Mar 26, 2024 5:56 am

Hi, I need input. It's actually quite simple but I don't quite understand it.

I have a distribution router, it has 5 ethernet ports.

ether1 - (port) wan
ether2, ether3, ether4 and ether5 - (port) bridge1-distribution

ip address bridge1-distribution 172.16.0.1/16

Now I want to remove the bridge and replace it with each network on each Ethernet port.

ip address ether2 = 10.20.0.1/16

ip address ether3 = 10.30.0.1/16

ip address ether4 = 10.40.0.1/16

ip address ether5 = 10.50.0.1/16

The problem is simple: under each of ether2, ether3, ether4 and ether5 there are devices that use the old IP, namely 172.16.0.1/16.

For example, customer A under ether2: using a TP-Link WR840N modem in router mode with static IP 172.16.1.1, subnet mask 255.255.0.0, gateway 172.16.0.1 (my old bridge1-distribution IP).

My question is, how can IPs that have different subnets from the Ethernet port communicate with each other and get internet access even with old IPs that have different subnets from the existing Ethernet port? Because there are too many clients under each Ethernet port, it is impossible for me to manually set each and every client router to change their IP, subnet mask and gateway. Thank you.
 
TheCat12
Member Candidate
Posts: 178
Joined: Fri Dec 31, 2021 9:13 pm

Re: Try changing the bridge topology because it is prone to looping

Tue Mar 26, 2024 8:30 pm

Have you tried running a DHCP server for each subnet and adding firewall rules to allow communication between the subnets?
 
abdurraufrafli
just joined
Topic Author
Posts: 5
Joined: Fri Jan 19, 2024 7:56 am

Re: Try changing the bridge topology because it is prone to looping

Wed Mar 27, 2024 8:25 pm

Hi, thanks for answering.

I have even activated the hotspot server on each ethernet. Then for the hotspot process everything is fine following each respective hotspot server IP. But the problem is with the static and dynamic client IPs with the old IP (172.16.0.0/16). Can you give me an idea of the firewall that I have to create, what an example looks like?

Excuse my English.
 
TheCat12
Member Candidate
Posts: 178
Joined: Fri Dec 31, 2021 9:13 pm

Re: Try changing the bridge topology because it is prone to looping

Wed Mar 27, 2024 8:49 pm

Allowing communication between the different subnets on each Ethernet port would be the easiest part and can be done using forward chain and action=accept. Example rule to allow communication between 10.20.0.0/16 and 10.30.0.0/16:
/ip firewall filter
add action=accept chain=forward src-address=10.20.0.0/16 dst-address=10.30.0.0/16
Or even better - add the necessary subnets to address lists and create an analogous rule:
/ip firewall filter
add action=accept chain=forward src-address-list="address_list" dst-address-list="same_address_list"
The hard part would be to make use of a non-existent IP address so to speak and forward it to an existing one. I'm thinking of something with NAT and action=netmap, like:
/ip firewall nat
add action=netmap chain=dstnat dst-address=172.16.0.0/16 in-interface=ether2 to-addresses=10.20.0.0/16
and so on... Hopefully you catch the drill
 
abdurraufrafli
just joined
Topic Author
Posts: 5
Joined: Fri Jan 19, 2024 7:56 am

Re: Try changing the bridge topology because it is prone to looping

Wed Mar 27, 2024 10:45 pm

I'm sorry I'm too layman.

I have tried all the methods above but the PC with a static IP under ether2 still cannot get internet.

I want to explain what I mean more simply.

1. ether2 on my router has a configuration ip address of 10.20.0.0/16

2. Below ether2 there are various devices in the form of PCs, cellphones, modems with static IP range 172.16.0.0/16

3. Likewise on ether3 with IP 10.30.0.0/16,
ether4 with ip 10.40.0.0/16,
ether5 with ip 10.50.0.0/16,

4. Under each ether mentioned above there are various devices with static IP addresses 172.16.0.0/16

5. How can devices with static IP 172.16.0.0/16 under ether2, ether3, ether4 and ether5 be able to communicate with each other and get internet access?
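The addressing described in this thread, modelled as an added example (not code from any of the posts): it shows what a 1:1 netmap from 172.16.0.0/16 to 10.20.0.0/16 does to an address, which packets a dstnat rule with dst-address=172.16.0.0/16 on ether2 would match, and whether the router holds the gateway address the legacy client is configured with. The function names, the constructed destination 203.0.113.10, and the assumption that the router answers ARP only for addresses assigned to its interfaces (no proxy-ARP) are this example's own.

```python
import ipaddress

# Constructed model of the setup in the thread; not output from a router.
OLD_NET = ipaddress.ip_network("172.16.0.0/16")
PORTS = {  # planned per-port addresses from the first post
    "ether2": ipaddress.ip_interface("10.20.0.1/16"),
    "ether3": ipaddress.ip_interface("10.30.0.1/16"),
    "ether4": ipaddress.ip_interface("10.40.0.1/16"),
    "ether5": ipaddress.ip_interface("10.50.0.1/16"),
}
CLIENT = {  # customer A's static settings from the first post
    "port": "ether2",
    "ip": ipaddress.ip_interface("172.16.1.1/16"),
    "gateway": ipaddress.ip_address("172.16.0.1"),
}

def netmap(addr, src_net, dst_net):
    """1:1 mapping: keep the host bits, swap the network bits.
    Assumes src_net and dst_net have the same prefix length."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        return addr  # outside the mapped range: untouched
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)

def dstnat_rule_matches(in_port, dst, rule_port="ether2", rule_dst=OLD_NET):
    """A dstnat rule is matched on the packet's destination, not its source."""
    return in_port == rule_port and ipaddress.ip_address(dst) in rule_dst

def router_owns(addr):
    """True if the address is assigned to one of the router's ports."""
    return any(iface.ip == addr for iface in PORTS.values())

def diagnose(client, internet_dst="203.0.113.10"):
    port_net = PORTS[client["port"]].network
    return {
        # Gateway lies inside the client's own /16, so the client ARPs for it.
        "client_arps_for_gateway": client["gateway"] in client["ip"].network,
        # After the bridge is removed nothing on the router holds 172.16.0.1.
        "router_answers_for_gateway": router_owns(client["gateway"]),
        # Internet-bound packets have a destination outside 172.16.0.0/16.
        "netmap_rule_sees_internet_packet":
            dstnat_rule_matches(client["port"], internet_dst),
        "gateway_after_netmap": str(netmap(client["gateway"], OLD_NET, port_net)),
    }

if __name__ == "__main__":
    for key, value in diagnose(CLIENT).items():
        print(f"{key}: {value}")
```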
