Hi All,
I’ve been searching Google for weeks now and found nothing that helps me solve this issue. Maybe you guys can help. I have MK 450g. I have 2 internet lines and two LANs, LAN1 → WAN1 and LAN2 → WAN2. Everything works just fine, but LAN1 and LAN2 can’t or won’t communicate!
WAN Addresses
WAN1: Eth1-WAN1 (PPPoE)
WAN2: Eth2-WAN2 (IP: 192.168.1.2/24)
LAN Addresses
LAN1: Eth3-LAN1 (IP: 192.168.2.1/24)
LAN2: Eth4-LAN2 (IP: 192.168.3.1/24)
Everything works perfectly, except LAN1 and LAN2 cannot communicate. Everyone said the connected route should be working by default, but I guess not. Others said to change the dynamic pref source to allow the network, not just the gateway. Honestly, CISCO is much easier to configure for this scenario, but it’s too expensive for the market here, so I’m redirecting my skills more toward Mikrotik. Any help would be much appreciated. Please note I’m not load balancing, just two departments using two different connections that need to be allowed to communicate on the local LAN.
Thanks in advance
Hi Caci,
Nope, just Nat the source address out each WAN interface and masquerade them like so,
Chain: Srcnat
Src Add: 192.168.2.0/24
Out Int: WAN1
Action: Masquerade
Chain: Srcnat
Src Add: 192.168.3.0/24
Out Int: WAN2
Action: Masquerade
I have another Mikrotik set up for testing this configuration. All I have is the configuration below for testing:
Two LANs
LAN1: 192.168.2.1/24 on eth1
LAN2: 192.168.3.1/24 on eth2.
Two dhcp pools,
pool 1 eth1: 192.168.2.50-192.168.2.100, network: 192.168.2.0/24 dg: 192.168.2.1
pool 2 eth2: 192.168.3.5-192.168.3.100, network 192.168.3.0/24, gw: 192.168.3.1
Routes
DAC dst. add 192.168.2.0/24 gw: eth1 pref src 192.168.2.1
DAC dst. add 192.168.3.0/24 gw: eth2 pref src 192.168.3.1
pc1 ip 192.168.2.100, gw 192.168.2.1
pc2 ip 192.168.3.100, gw 192.168.3.1
Each PC can ping both gateways but not the other PC’s IP.
Is it not possible to route between two subnets connected to the same Mikrotik’s interfaces?
Are these routes both active? I don’t think so, because without policy routing in place, the router will just choose one of the two.
Anyway, try to add an accept rule before/above the masquerade rule:
Hi Caci,
Unfortunately that doesn’t work either. I’ve monitored using torch while trying to ping, and the packets show up and quickly disappear. Please see the complete configuration below.
ip add p
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.2.1/24 192.168.2.0 ether3-LAN1
1 192.168.3.1/24 192.168.3.0 ether4-LAN2
2 192.168.1.3/24 192.168.1.0 ether2-WAN1
ip dhcp network p
# ADDRESS GATEWAY DNS-SERVER WINS-SERVER DOMAIN
0 192.168.2.0/24 192.168.2.1
1 192.168.3.0/24 192.168.3.1
ip firewall nat p
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept src-address=192.168.2.0/24
dst-address=192.168.3.0/24 log=no log-prefix=""
1 chain=srcnat action=accept src-address=192.168.3.0/24
dst-address=192.168.2.0/24 log=no log-prefix=""
2 chain=srcnat action=masquerade src-address=192.168.2.0/24
out-interface=ether2-WAN1 log=no log-prefix=""
3 chain=srcnat action=masquerade src-address=192.168.3.0/24
out-interface=ether2-WAN1 log=no log-prefix=""
ip route p
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.3 ether2-WAN1 0
2 ADC 192.168.2.0/24 192.168.2.1 ether3-LAN1 0
3 ADC 192.168.3.0/24 192.168.3.1 ether4-LAN2 0
I’m looking at the dynamic routes; it seems that the destination networks can only be reached by the gateway specified in pref src? Any PC can ping the network gateway but not the PCs residing on those networks.
Thanks for the suggestion, but that didn’t work either; I’ve tried everything under the sun in Mikrotik and it couldn’t solve the issue, as the issue isn’t with the Mikrotik configuration at all. I disabled the Windows firewall and the antivirus firewall, and now all subnetworks can talk. My other question is: how do I close this thread or mark it as solved, or do I just leave it?
Cheers