I have two MikroTik routers with different networks and subnets. My first MikroTik router is on the 192.168.18.0/23 network, and my second MikroTik router is on the 192.168.16.0/24 network, which is solely for Wi-Fi. I have printers connected to my first MikroTik router with the following IP addresses: 192.168.18.5, 192.168.18.10, and 192.168.18.15.
I want to connect these three printers to my second MikroTik router so that I can access them over Wi-Fi. I’ve applied NAT rules and firewall rules, but I haven’t had any luck. I need help with this setup.
[quote=wfburton post_id=1101036 time=1727889752 user_id=215408]
Quick question. How many wireless clients do you need?
[/quote]
I already have clients added, but the issue is communicating with the printers that are behind another MikroTik router. I want my Wi-Fi users to access only the printers from another network.
For me, a detailed network diagram would help illustrate effectively what you are trying to accomplish.
In general if you have a main router and then other sub-set routers connected ( creating double nat ) communication from the main router to the secondary router is easily handled by adding static routes. Assuming that the secondary router is properly configured with masquerade sourcenat, any queries in the opposite direction will appear to come from the secondary router itself so return traffic to the originators behind the second router happens like butta.
So the dfifficult case is your wifi users on the main router trying to get through the secondary router to printers on the secondary routers LAN.
I will assume that the Management Subnet ( trusted ) of which the Secondary WANIP is assigned statically, is NOT the same subnet or vlan used by guest users!!
SO MAIN ROUTER
a. route add dst-address=IPofPrinter gateway=WANIPofSecondaryRouter routing-table=main. ( or perhaps subnet or perhaps dst-address-list of multiple devices )
The wanip of the secondary router ( also its lanip on the main router subnet ) is where the main router will send all queries with the NON LOCAL ip address ( the main router doesnt know about this subnet so we inform it by the static route ).
b. firewall rule
add chain=forward action=accept in-interface=VLANXY src-address=WIFI-GUEST-SUBNET dst-address=IPofPrinter ( Or possibly a dst-address-list of devices to be accessible )
ON SECONDARY ROUTER add chain=forward action=accept src-address=WifiSubnet dst-address=IPofPrinter out-interface=VLANAB ( Or possibly a dst-address-list of devices to be accessible )
[quote=wfburton post_id=1101184 time=1727955943 user_id=215408]
Please provide config files for both routers and post here.
The one you posted looks like your main router and I also see NAYATEL as your IPS provider. Are you running in a business environment or a home netrwork? I’m assuming it’s a home network but I could be wrong since you have 6 available ip addresses.
[/quote]
No, this is the router for Wi-Fi users, and no, it’s not in a home; these routers are configured for a business environment. My other MikroTik router is used for local LAN PCs and laptops that will only connect via Ethernet, and the printers are also connected via Ethernet.
I am getting a ping response from my printer on my Wi-Fi-configured router, but I can’t manage to allow Wi-Fi users to access the printers.
Yes, but I don’t have VLANs configured on my secondary router, which is set up only for Wi-Fi. I don’t want to grant access to limited users or manually add users to my router. I think I should provide a clear diagram of my network so it will be easier to understand.
