Access IP from different subnet without a gateway

gotsprings · December 22, 2014, 1:55am

The Office router has 2 networks.
192.168.10.0/24 for Users and Most Devices.
192.168.101.0/24 for Admin users and Admin devices.

Admin can reach any device on the user network… so long as it has a proper gateway. User devices can not reach Admin network due to firewall rules for new connections.

Enter the VOIP guy who built a 3rd network.
He asked for a route from 192.168.10.254 to his 10.160.0.0/14 space.
SO I added a route.

/ip route
add distance=1 dst-address=10.160.0.0/14 gateway=192.168.10.254

This works.

He then emails me that devices from the Admin network can not reach the 10.160.0.0/14 network.

I log in and check and look through firewalls. Check proxy-arp. Test various addresses… To me it seems that the switch is either set to “Allow Access From Same Subnet Only” or it doesn’t have have a gateway.

I email to that effect, and he emails back that the switch does not have a gateway “as a security measure.”
I reply with, “Well that explains why it doesn’t work.”

So that aside.
What would be the best way to reach that switch and of course onto the network behind it when than switch doesn’t have a gateway for default forwarding?

So from 192.168.101.0/24 to 192.168.10.254 and 10.160.0.0/14 .

Rudios · December 22, 2014, 5:59am

Could you please give some more IP related info.
What are your gateway addresses for each subnet and where is your router (I assume it’s your routerboard)

gotsprings · December 22, 2014, 10:47am

RB2011
Ether 2 192.168.10.1/24
Ether 5 192.168.100.1/24

Rudios · December 22, 2014, 10:50am

So that means your RB is not gateway for the VoIP system.
Does the router between your system and the VoIP system has a route towards your admin network?

KillerOPS · December 22, 2014, 11:14am

You could use NAT to srcnat everything that goes to that IP to the IP of the router.
However, that would overcome that thing he calls “security”.

gotsprings · December 22, 2014, 2:44pm

There is no route on his VOIP to the admin network. It will not accept connections from any other network then the user network (192.168.10.0/24). Like I pointed out… this is his security.

He is using my route to the internet for my user network. Gateway of 192.168.10.1 by putting his gear at 192.168.10.254.