I have 2 x networks
I get Internet from Network1 for Network2 over the WAN port.
I need access to PC X on Network1 from PC Y1 on Network2.
Can you please assist with the firewall rule that will be required to make this possible?
Thanks
[Edit]
I’ve attached the current config.
Note: The IPs used in this test environment in this config are slightly different from the image:
Network 1 - DHCP 192.168.77.0/24
Network 1 PC X - 192.168.77.116
Network 2 WAN - 192.168.77.114
Network 2 - DHCP 192.168.81.0/24
Network 2 PC Y1 - 192.168.81.254
You gave us very little to go with. If you are asking about the Mikrotik, if it is configured with a fairly default config, you need to do nothing more. If you are asking about the other non-specified equipment, we can only guess.
If this is not working, we need more detail to go on. Export the config of the Mikrotik, and tell us what the unspecified equipment in network 1 is, and how it’s configured.
To export and paste your configuration (and I’m assuming you are using WebFig or Winbox), open a terminal window,
and type (without the quotes) “/export hide-sensitive file=any-filename-you-wish”. Then open the files section
and right click on the filename you created and select download in order to download the file to your computer.
It will be a text file with whatever name you saved to with an extension of .rsc. Open that file in your favorite
text editor and redact any sensitive information if desired / needed. Then in your message here, click the code
display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks
like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
hi,
First of all, I think that pc y1 on subnet 192.168.2.0/24 needs to know how to get to subnet 192.168.0.0/24.
So, you must set a route rule in IP->Routes in your MK device.
Then you also need to set a firewall rule on the router/firewall which manages subnet 192.168.0.0/24 to enable access for every pc on subnet 192.168.2.0/24, or only for 192.168.2.2/24, your pc y1.
The fact of the matter is there is nothing you can do to help on the MT.
All traffic is sourcenatted when it leaves the 192.168.2.1 gateway on Network 2 through the wan port/WANIP of the MT router, which you inconveniently omitted. Let's say it's 192.168.0.35.
Think of 192.168.0.50 as an external internet IP to reach…
The request from 192.168.2.2 leaves the MT router with IP address of 192.168.0.35 (through source natting rules); it then hits the interface gateway of 192.168.0.1 on the unknown router.
If it was an external address it would use rules existing for routes and dns to get your traffic to the WWW, but in this case the router knows that the device
is on a known internal subnet, in fact the same one the router is on, and the main router should simply move the traffic directly to .50. The return traffic would be sent back to the MT router, which appears to be the source - the MT router in turn would unsourcenat the traffic back to source and send the return traffic to 192.168.2.2
In other words it should work, so as pointed out, it's what you are not telling us that matters. It does not appear there is any issue with the MT in this scenario…
Assuming there is a reason to segment the LAN into Network 1 and Network 2 using a firewall, clients that sit behind the Mikrotik on Network 2 should be able to access Network 1 -if- Network 1 is configured correctly. Normally this is done with a VPN or Port Forwarding.
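The source-NAT round trip described in the replies above, as an added example that is not part of the original thread: a minimal Python model of a masquerading router with connection tracking. The addresses are the ones used in the reply (192.168.0.35 is that reply's assumed WAN IP); the port numbers and all class and function names are constructed for illustration.

```python
# Minimal model of source NAT (masquerade) with connection tracking.
# Addresses come from the reply above; ports and names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class MasqueradeRouter:
    def __init__(self, wan_ip, lan_prefix):
        self.wan_ip = wan_ip
        self.lan_prefix = lan_prefix
        self.conntrack = {}      # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000   # constructed starting point for translated ports

    def outbound(self, pkt):
        """LAN -> WAN: rewrite the source to the WAN IP and remember the mapping."""
        if not pkt.src.startswith(self.lan_prefix):
            raise ValueError("not a LAN source")
        wan_port = self.next_port
        self.next_port += 1
        self.conntrack[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: translate back only if the packet matches a tracked connection."""
        if pkt.dst != self.wan_ip:
            return None
        entry = self.conntrack.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None          # unsolicited: no mapping, nothing to un-NAT
        lan_ip, lan_port = entry
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)

def demo():
    mt = MasqueradeRouter(wan_ip="192.168.0.35", lan_prefix="192.168.2.")
    request = Packet("192.168.2.2", 51000, "192.168.0.50", 80)
    on_wire = mt.outbound(request)                 # what 192.168.0.50 sees
    reply = Packet(on_wire.dst, on_wire.dport, on_wire.src, on_wire.sport)
    delivered = mt.inbound(reply)                  # translated back to 192.168.2.2
    unsolicited = mt.inbound(Packet("192.168.0.50", 80, "192.168.0.35", 40999))
    return on_wire, delivered, unsolicited

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The host at 192.168.0.50 only ever sees 192.168.0.35 as the peer, and a packet arriving at the WAN IP without a matching tracked connection is not translated to any LAN host.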
hi k6ccc,
Thanks for the feedback.
I’ve edited my original post, and added the config.
Please also note that the IP ranges are slightly different from my production drawing, and my test setup.
It is all set out in the post.
I can confirm with the current setup, I'm unable to ping from Network2-PC Y1 (192.168.81.254) → to Network1-PC X (192.168.77.116)
[Edit]
I have found that 2 x of my devices in the test setup were blocking the pings, thus giving false results.
I can confirm that I am able to ping Network1 PC X from Network2 PC Y1.
If Network1 PC X had a static IP, and Router 192.168.0.1 was not there, is it possible to still reach PC X?
Is it possible to Ping Network2 PC Y1 → from Network1 PC X without having access to the router in Network 1?