Dear All,
I created a lab in my home for training on MikroTik; this simulation makes 2 different subnets reach each other.
Input
wan1: 192.168.0.1
wan2: 192.168.1.1
Output
Local1: 192.168.77.1
Local2: 192.168.88.1
The problem is that I cannot reach devices but I can only reach the gateways.
From 192.168.77.1 to 192.168.88.1 ping ok
From 192.168.88.1 to 192.168.77.1 ping ok
From 192.168.77.1 to 198.168.88.254 request timed out
From 192.168.88.1 to 192.168.77.253 destination net unreachable
Many thanks for your help and support.
And this is what I did in MikroTik:
# jan/02/1970 02:26:24 by RouterOS 6.7
# software id = U8W3-U8VJ
/interface ethernet
set [ find default-name=ether4 ] name=Local1
set [ find default-name=ether3 ] name=Local2
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether2 ] name=wan2
/ip dhcp-server
add address-pool=dhcp_pool3 disabled=no interface=Local1 name=dhcp1
add address-pool=dhcp_pool4 disabled=no interface=Local2 name=dhcp2
/ip address
add address=192.168.0.2/24 interface=wan1 network=192.168.0.0
add address=192.168.1.2/24 interface=wan2 network=192.168.1.0
add address=192.168.88.1/24 interface=Local2 network=192.168.88.0
add address=192.168.77.1/24 interface=Local1 network=192.168.77.0
/ip dhcp-server network
add address=192.168.77.0/24 dns-server=8.8.8.8 gateway=192.168.77.1
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.77.0/24 list=mylan
add address=192.168.88.0/24 list=mylan1
/ip firewall filter
add chain=forward connection-state=new src-address=192.168.77.0/24 src-address-list=mylan
add chain=forward connection-state=established src-address=192.168.77.0/24 src-address-list=mylan
add chain=forward connection-state=new src-address=192.168.88.0/24 src-address-list=mylan1
add chain=forward connection-state=established src-address=192.168.88.0/24 src-address-list=mylan1
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=Local1 src-address=192.168.77.0/24
add action=mark-routing chain=prerouting new-routing-mark=Local2 src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Local2 src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=Local1 src-address=192.168.77.0/24
/ip route
add distance=1 dst-address=192.168.88.0/24 gateway=192.168.0.1 routing-mark=Local1
add distance=1 dst-address=192.168.77.0/24 gateway=192.168.1.1 routing-mark=Local2
add distance=1 gateway=192.168.0.1
/ip route rule
add dst-address=192.168.88.0/24 interface=wan1 src-address=0.0.0.0/0 table=Local2
add dst-address=192.168.88.0/24 interface=wan2 src-address=0.0.0.0/0 table=Local1
/system leds
set 0 interface=wlan1
Are you trying to do this:
Lan1 → Wan1
Lan2 → Wan2
BUT also:
Lan1 ↔ Lan2
If you use the mangle table to set a routing mark for traffic to/from LAN1, then you must manually create static routes:
dst=ip.of.lan.2/24 gate=LAN2 routing-mark = lan1
dst=ip.of.lan.1/24 gate=LAN1 routing-mark = lan2
This way, LAN2’s routing table has a way to reach LAN1. If you don’t do this, it will be forced to the Internet via WAN2 only.
Same for LAN1. Its routing table must have a route for LAN2, or else it will only see internet on WAN1.
I also recommend that you do not use srcNAT from LAN1 → LAN2. Let these networks see each other’s actual IP addresses because they will be able to reach each other without crossing the Internet. You only need to NAT when you map private IP hosts onto the Internet.
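The reply's two points applied to the posted export, as an added example that is not part of either post. It assumes the intent the reply asks about (Local1 out wan1, Local2 out wan2, the two LANs reaching each other directly); the per-table default routes and the WAN masquerade rules follow from that assumption and are not stated in the posts.

```routeros
# Added example for RouterOS 6.x. Interface names, subnets and gateway
# addresses are copied from the posted export; the intent is an assumption.

# BEFORE (posted config): in table Local1 the only path to 192.168.88.0/24
# is the wan1 gateway, and in table Local2 the only path to 192.168.77.0/24
# is the wan2 gateway, so marked LAN-to-LAN packets leave through a WAN:
#   add distance=1 dst-address=192.168.88.0/24 gateway=192.168.0.1 routing-mark=Local1
#   add distance=1 dst-address=192.168.77.0/24 gateway=192.168.1.1 routing-mark=Local2

# AFTER
/ip route
# drop the two marked routes that point LAN destinations at WAN gateways
remove [find routing-mark=Local1]
remove [find routing-mark=Local2]
# each marked table reaches the other LAN over its connected interface
add dst-address=192.168.88.0/24 gateway=Local2 routing-mark=Local1
add dst-address=192.168.77.0/24 gateway=Local1 routing-mark=Local2
# assumed intent: each LAN uses its own WAN for everything else
add dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-mark=Local1
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=Local2

/ip firewall nat
# no source NAT between the LANs: hosts see each other's real addresses
remove [find out-interface=Local1]
remove [find out-interface=Local2]
# translate only traffic that leaves through a WAN interface
add action=masquerade chain=srcnat out-interface=wan1
add action=masquerade chain=srcnat out-interface=wan2

# confirm what each marked table now contains
/ip route print where routing-mark=Local1
/ip route print where routing-mark=Local2
```

Test from a host on each LAN rather than from the router itself: packets the router originates do not pass the prerouting chain where the routing marks are set.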