Access router from another lan

ezamora · January 28, 2020, 3:36pm

Hi, this is the scenario:

A Linux ClearOs that provides dhcp on 192.168.4.0/24 and static network on lan 192.168.10.0/24
The router Mikrotik has the ip 192.168.10.2 (ether3) and interface wan (ether1) to access the internet (and VPN, etc. another story)
Devices on lan 10.0/24 can ping Mikrotik of course.
Devices on lan 4.0/24 can ping all other devices on lan 10.0/24, except the ip of Mikrotik.

I understend that Mikrotik denies all packages that do not come from lan 10..
The answer is: How do I allow access from lan 4 to the router Mikrotik? (and then allow go to the internet)

These are the firewall rules:
/ip firewall nat
add action=masquerade chain=srcnat comment=“nat salida a internet” out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat dst-address=192.168.21.0/24 out-interface=ether1 src-address=192.168.10.0/24 (VPN stuff)

Thanks in advance.

WeWiNet · January 28, 2020, 4:10pm

You missed to post firewall / Filter rules. If you’d had only the ones you mention (NAT), everyone could reach everything…
Mikrotik will not drop anything. Firewall rules do!.
The default firewall setting in Mikrotik do drop quit a lot , but again to judge this, need your config.

Please export all with hide sensitive

ezamora · January 28, 2020, 5:27pm

Duh! The Mikrotik was reset to factory default and then clean default configuration… Sory, I’m new. So now I will follow this guide https://wiki.mikrotik.com/wiki/Basic_universal_firewall_script
After that, what would I miss?