I am trying to be able to ssh in and map network drives into devices in the bridge (eth 2-eth10, 192.168.0.0/24) from the wan zone (eth1, 192.168.1.1)
I have made the following NAT rules in my firewall
This allows me to ping machines in 192.168.1.0/24 from 192.168.0.0/24 but not the other way around.
I read that the firewall drops all connections from WAN interface by default and that a firewall rule had to be made but I have no idea how.
I tried disabling the defconf “drop all if not dstnated” from the firewall rules but it still doesnt work.
Could anyone help ? RouterOS is a bit daunting at first !
I am trying to reach the NAS and server in the 192.168.0.0/24 subnet while my laptop is connected on the ISP Access point in the 192.168.1.0/24 subnet.
I made the two NAT rules in the OP and I can now ping devices connected to the ISP access point 192.168.1.0/24 when I am connected on My access point (192.168.0.0/24)
but I am unable to communicate with any device from the bridge interface 192.168.0.0/24 when connceted to my ISP access point.
When you send traffic to any address outside 192.168.1.0/24 from your laptop it is sent to the gateway address on your ISP router. Unless that router knows specifically where to send traffic destined for 192.168.0.0/24 to, it will be sent to the WAN.
You need to configure a static route on the ISP router 192.168.0.0/24 via 192.168.1.x where x is the address of the Mikrotik “WAN” port, if that is not possible you would have to configure a static route on every device connected to the 192.168.1.0/24 LAN which needs to communicate with 192.168.0.0/24.
This makes perfect sense … How would my ISP’s router know the 192.168.0.0/24 even exist behind the Mikrotik, this is so obvious now.
Unfortunately my isp router doesnt allow any advanced configuration whatsoever, but they do offer the possibility to exchange their router/modem for a modem only.
I’ll do that and use the Mikrotik as the lone router.
Thanks !!
