Connect 2 networks with separate internet connections

tamara174 · January 9, 2017, 1:58pm

Hello, i am a newbie in networking and from Germany, so exuse my english =)

Today i have bought a RB750 hex, because i have read in the internet that i can connect two networks with this router. But how to configure?
My configuration:
I have 2 networks with separate internet connection. The first network (192.168.1.0/24) is made by a fritzbox 7490 (DHCP). The secons network (192.168.100.0/24) is made by a zyxel router (DHCP).

I want that all PCs from one network can talk to each other PCs from the other network (PC1 to PC2 in figure). So i connected the two WLAN-Routers over LAN with the Mikrotik router (RB750hex).

Ii followed this tutorial: http://networkingforintegrators.com/2013/01/how-to-run-multiple-networks-from-a-mikrotik/ to the point where they talk about “DHCP Servers & IP Pools”. Is that also necessary in my case? Or is this the complete wrong way to configure?

Maybe somebody can give me a word of advice!
Regards Tamara

irico · January 9, 2017, 2:40pm

If you configure it as in the image, you need to create static routes in Fritzbox and Zyxel.

RB750 should have similar IP:

192.168.1.X (ideal static IP, excluded from DHCP) on the interface connected to Fritzbox, eg 192.168.1.2
192.168.100.X (ideal static IP, excluded from DHCP) on the interface connected to Zyxel, eg 192.168.100.2

The routes to be created are:

In Fritzbox:
192.168.100.0/24 → 192.168.1.2 (Assuming this IP in RB750)
In Zyxel:
192.168.1.0/24 → 192.168.100.2 (Assuming this IP in RB750)

You will probably need to mask traffic in both directions (NAT masquerade).
It would be perfect to create networks with different IP ranges, between Fritzbox and RB750 and between Zyxel and RB750, so that no masking is required, just routing.

Rudios · January 9, 2017, 2:42pm

Adding the routes to both modems (Zyxel and Fritzbox) should be enough.
No need to do NAT’ting

irico · January 9, 2017, 2:48pm

Thanks for the clarification. I edit my previous post. Thanks

tamara174 · January 9, 2017, 5:49pm

Thank you for yor fast and helpful answer!
So i added the routes in the Fritzbox and the Zyxel, but i think there is a configuration error in the RB750, because i still can not connect to the other network.

Hm maybe i don’t know HOW to connect with the other network?

janus20 · January 9, 2017, 6:05pm

Hi,

Please post ( from New Terminal window type commands below ) output of:
/interface export
and
/ip address export

And also, could you tell us in which ports from RB750 did you connect Fritzbox and Zyxel ?

kind regards,

irico · January 9, 2017, 6:08pm

Please post result of:

/ip address print
/ip route print
/ip firewall filter print

tamara174 · January 9, 2017, 6:18pm

Of course i can…

This is the output of the commands:

[admin@MikroTik] >/interface export
# jan/02/1970 04:48:04 by RouterOS 6.34.2
# software id = KUWN-EGXJ
#
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] name="ether3 - RoTa"
set [ find default-name=ether4 ] name="ether4 - MuM"
set [ find default-name=ether5 ] master-port=ether2-master

[admin@MikroTik] > /ip address export
# jan/02/1970 04:48:06 by RouterOS 6.34.2
# software id = KUWN-EGXJ
#
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=192.168.88.0
add address=192.168.1.2 interface="ether3 - RoTa" network=192.168.1.0
add address=192.168.100.2 interface="ether4 - MuM" network=192.168.100.0

As you can see one router is on port 3 (RoTa - Fritzbox) and the other on port 4 (MuM - Zyxel).

Thanks!

tamara174 · January 9, 2017, 6:24pm

So there are the other outputs:

ip address print

             
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                     
 0   ;;; defconf
     192.168.88.1/24    192.168.88.0    ether2-master                                                                 
 1   192.168.1.2/32     192.168.1.0     ether3 - RoTa                                                                 
 2   192.168.100.2/32   192.168.100.0   ether4 - MuM

ip route print

   
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  192.168.1.0/32     192.168.1.2     ether3 - RoTa             0
 1 ADC  192.168.88.0/24    192.168.88.1    ether2-master             0
 2 ADC  192.168.100.0/32   192.168.100.2   ether4 - MuM              0

ip firewall filter print

Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward 

 1    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 2    ;;; defconf: accept established,related
      chain=input action=accept connection-state=established,related log=no log-prefix=""

 3    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether1 log=no log-prefix="" 

 4    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related log=

 5    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related log=no log-prefix=

 6    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 7    ;;; defconf:  drop all from WAN not DSTNATed

Could there be somethin wrong with the subnetmasks? I thought they have to be 255.255.255.0 (/24) not /32 ?

janus20 · January 9, 2017, 6:41pm

Hi,

Well beside default firewall config which comes on rb750, at first sight from ip address print:

1 192.168.1.2/32 192.168.1.0 ether3 - RoTa
2 192.168.100.2/32 192.168.100.0 ether4 - MuM

should be:

1 192.168.1.2/24 192.168.1.0 ether3 - RoTa
2 192.168.100.2/24 192.168.100.0 ether4 - MuM

I mean ip address for ether3 it should be 192.168.1.2/24 ( netmask 255.255.255.0, network 192.168.1.0 ) not 192.168.1.2/32 ( meaning netmask 255.255.255.255 ); same for ether4 MuM. It reflects in ip route print as well

Open Ip → addresses and make coresponding changes and try again. Any change ?

kind regards,

tamara174 · January 9, 2017, 6:52pm

I addes the subnetmask, but still i can not connect to the other network.

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  192.168.1.0/24     192.168.1.2     ether3 - RoTa             0
 1 ADC  192.168.88.0/24    192.168.88.1    ether2-master             0
 2 ADC  192.168.100.0/24   192.168.100.2   ether4 - MuM              0

irico · January 9, 2017, 6:56pm

Can you ping from RB to Fritzbox and Zyxel IPs?
Can you ping from RB to client connected to Fritzbox?
Can you ping from RB to client connected to Zyxel?

Can you ping from PC connected to Fritzbox to RB(192.168.1.2)?
Can you ping from PC connected to Zyxel to RB(192.168.100.2)?

It’s posible that Fritzbox and Zyxel have client isolation on WiFi? Can you try same test with wired Ethernet pc?

tamara174 · January 9, 2017, 7:24pm

First the PC pings:

from network 1
PC (WLAN) 192.168.1.x → 192.168.1.2 - success
PC (LAN) 192.168.1.x → 192.168.1.2 - success
PC (WLAN) 192.168.1.x → 192.168.100.2 - success
PC (LAN) 192.168.1.x → 192.168.100.2 - success

from network 2
PC (WLAN) 192.168.100.x → 192.168.100.2 - success
PC (LAN) 192.168.100.x → 192.168.100.2 - success
PC (WLAN) 192.168.100.x → 192.168.1.2 - failed
PC (LAN) 192.168.100.x → 192.168.1.2 - failed

from RB all pings succeeded!

janus20 · January 9, 2017, 8:03pm

HI,

Just curious:

from network 1
PC (WLAN) 192.168.1.x → 192.168.100.1 ( zyxel MuM ) - ???
PC (LAN) 192.168.1.x → 192.168.100.1 ( zyxel MuM ) - ???
add on RB750 on filter rules before rule 3 ( ;;; defconf: drop all from WAN ):

/ip firewall filter
add action=accept chain=forward comment=\
    "Forward between lans" dst-address=\
    192.168.100.0/24 in-interface=ether3 log=yes out-interface=ether4 \
    src-address=192.168.1.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 in-interface=ether4 \
    log=yes out-interface=ether3 src-address=192.168.100.0/24

how’s ping from 192.168.1.x to 192.168.100.{1, y} and 192.168.100.x to 192.168.1.{1,y} ( on WLAN and lan ) ?

kind reagrds,

tamara174 · January 9, 2017, 8:10pm

→ both failed!

The other things i will test tomorrow, because i am tired and to test the LAN from Zyxel i have to go in the cellar

Thanks, regards

janus20 · January 9, 2017, 8:14pm

Hi,

ok, no problem

regards,

tamara174 · January 10, 2017, 6:59am

Good Morning,
i am so sorry, everything is fine now - there was transposed numbers in the Zyxel static route configuration (gateway).

Thank you all for your help!!!