Connection between two LANs

Hello.

I have two LAN networks.
I would like to connect them.
Traffic from LAN A to LAN B is working properly.
But from B to A it doesn't work (I tried pinging from 10.100.0.122 to 10.100.0.60).

I tried several records in the firewall, but the problem still exists.

Could anybody tell me what I have to do in this case?

Regards,
Tomasz

Hello,

You’ll need to add a route: ip route add dst-address=192.168.0.0/16 gateway=10.100.0.60 distance=1

He shouldn’t need a route on the MikroTik as both of these will be directly connected networks.

More than likely (making an assumption from the drawing), the default GW for the 10.0.0.0/8 network is on PF Sense, which means hosts on that network will send traffic to unknown subnets to the PF Sense FW gateway and it doesn’t know about the 192.168.5.0/24 subnet.

To resolve:

A static route to the 192.168.5.0/24 network is needed on PF Sense using the IP of the 10.10.0.60 address on the MikroTik as the GW. Also create a gateway entry and FW rules if needed.
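The routing argument in the reply above, as an added example that is not part of the original thread: a small longest-prefix-match model of where a packet from 10.10.2.26 to 192.168.3.179 goes with and without the static route on pfSense. The pfSense LAN address 10.0.0.1, the "wan-upstream" hop and the node names are assumptions made for the model; the other addresses come from the thread.

```python
import ipaddress

# Constructed model of the thread's topology. 10.0.0.1 (pfSense LAN address)
# and "wan-upstream" are assumptions; the other addresses are the thread's.
OWNERS = {"10.0.0.1": "pfsense", "10.100.0.60": "mikrotik"}

def build_tables(pfsense_static_route):
    """Per-device route tables as (prefix, gateway); 'direct' means on-link."""
    tables = {
        "host-10.10.2.26": [("10.0.0.0/8", "direct"), ("0.0.0.0/0", "10.0.0.1")],
        "pfsense": [("10.0.0.0/8", "direct"), ("0.0.0.0/0", "wan-upstream")],
        "mikrotik": [("10.0.0.0/8", "direct"), ("192.168.0.0/16", "direct")],
    }
    if pfsense_static_route:
        # The static route proposed in the thread: 192.168.0.0/16 via the MikroTik.
        tables["pfsense"].append(("192.168.0.0/16", "10.100.0.60"))
    return tables

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway of the best route or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(src_node, dst, tables, max_hops=8):
    """Follow the packet hop by hop; returns (path, outcome)."""
    node, path = src_node, [src_node]
    for _ in range(max_hops):
        gw = next_hop(tables[node], dst)
        if gw is None:
            return path, "no route"
        if gw == "direct":
            return path, "delivered"
        if gw not in OWNERS:
            # Gateway is outside the modelled LANs (e.g. the default route).
            return path + [gw], "left the LAN"
        node = OWNERS[gw]
        path.append(node)
    return path, "routing loop"

if __name__ == "__main__":
    for fixed in (False, True):
        print("static route on pfSense:", fixed,
              trace("host-10.10.2.26", "192.168.3.179", build_tables(fixed)))
```
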

If you look correctly, he needs to route 192.168.0.0/16, as 192.168.5.1 is a part of this network.

Evince, thanks for the reply.

In the first step I tried to send a ping to 10.100.0.60. It’s the same network.

OK, maybe you have a firewall rule that blocks your request. Try disabling all drop rules first. If it works, then adjust them.

You’re correct, I missed that it’s a /16 mask, but I believe the route will still need to be on PF Sense.

Of course, the route needs to be on PFSENSE :slight_smile: it seems logical :slight_smile:

For a test I added an accept rule with no details.
Ping from 10.10.1.1 to 10.100.0.60 is still not working.

Still searching, I launched hosts (with Wireshark installed) in both networks.
When pinging from a host in the 10.0.0.0/8 network to a host in the 192.168.0.0/16 network (exactly: pinging 192.168.3.179 from 10.10.2.26), the packets reach the router of the 192.168.0.0/16 network (192.168.0.1) - I can see it in the sniffer on the router - but they do not reach the host anymore (empty log in Wireshark).
However, ping from the router (192.168.0.1) to this host (192.168.3.179) passes without any problem.
The ping in the second direction (i.e. from 192.168.3.179 to 10.10.2.26) goes correctly.

So the MikroTik router is receiving the ICMP traffic from the host behind the PF Sense firewall and sending it back.

Have you performed a capture on the PF Sense FW to see if it receives the traffic? It seems like your issue is in PF Sense based on the data you sent. The MikroTik is routing correctly.

MikroTik receives ICMP traffic from 10.10.2.26, but does not forward it to 192.168.3.179.

Can you post the full config and active routing tables for the MikroTik and PF Sense device?

Problem resolved.

The problem was NAT on ether1 – gateway.
