Dual WAN and Dual LAN on same MikroTik router, but LANs must reach each other to allow access to a server on 1 LAN.

[quote=anav post_id=948645 time=1659106293 user_id=115581]
(1) Forward chain, besides standard rules… an IP address of a server is /32 not /24 by the way.
/ip firewall filter
{forward chain}
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat

add action=accept chain=forward src-address=192.168.1.0/24 dst-address=192.168.100.6/32
add action=accept chain=forward src-address=192.168.100.0/24 dst-address=192.168.1.10/32
add action=drop chain=forward

(3) Remove mangling part of the config, not required or desired.

(4) Assuming using vers6 firmware… 6.48.6 long term for example
Add some route rules to direct routing appropriately.
/ip route rule
add action=lookup-only-in-table src-address=192.168.1.0/24 table=Lab-Net
add action=lookup-only-in-table src-address=192.168.100.0/24 table=Clinic-Net

Where you have the routes as described
add distance=1 gateway=192.168.10.1
add distance=1 gateway=192.168.20.1
add comment=Lab distance=1 gateway=192.168.10.1 routing-mark=Lab-Net
add comment=Clinic distance=1 gateway=192.168.20.1 routing-mark=Clinic-Net

++++++++++++++++++++++++++++

In version 7 it's a tad different.

add distance=1 gateway=192.168.10.1
add distance=1 gateway=192.168.20.1
add comment=Lab distance=1 gateway=192.168.10.1 table=Lab-Net
add comment=Clinic distance=1 gateway=192.168.20.1 table=Clinic-Net

Will need to use New Terminal and CLI commands to add tables and route rules.
/routing rule add src-address=192.168.1.0/24 action=lookup-only-in-table table=Lab-Net
/routing rule add src-address=192.168.100.0/24 action=lookup-only-in-table table=Clinic-Net

Add table.
/routing table add name=Lab-Net fib
/routing table add name=Clinic-Net fib

[/quote]

Literacy problem perhaps. :wink:

Hi
Did you solve it?

Sol-1: it's better to have a new LAN interface for the server, even a USB Wi-Fi adapter connected to LAN2; this way each network is separated and they use different routers with the same server.
Sol-2: use two different routers and connect both via, for example, ether2, and just add a route rule on router 2 to show the path for the server IP only.

I did your idea before, but it required more firewall rules and routing, and there will be too many issues, such as Windows assigning IPv6 automatically between hosts and sharing Windows updates even when hosts are not in the same subnet, virus conflicts, etc.; issues from bad users will show up on both networks.

Always use a hardware L1 separator; it is better than software L2/L3.

Hi, can you show your config on how you did that? I want to do exactly the same setup.

Dear Sirs!

I have a problem: I have an hAP ac3 router with 2 WANs and 2 LANs.
LAN1 goes out to the Internet on WAN1, LAN2 on WAN2.
LAN1 is 192.168.1.1/24, LAN2 is 192.168.10.1/24.
ether1-WAN1
ether2-WAN2
ether3-LAN1
ether4-LAN2

/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=WAN1_TO_LAN1 \
    passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting new-routing-mark=WAN2_TO_LAN2 \
    passthrough=yes src-address=192.168.10.0/24

/ip route
add distance=1 gateway=ether1 routing-mark=WAN1_TO_LAN1
add distance=1 gateway=ether1 routing-mark=WAN1_TO_LAN1
add distance=1 gateway=lte1 routing-mark=WAN2_TO_LAN2
That’s how I solved it!
What is the solution to reach the LAN2 machine with the IP address 192.168.10.252 from the LAN1 subnet?
Who can help me with this?
Thanks in advance!
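
An added example, not part of any post in this thread, for the question in the last post: reaching 192.168.10.252 from LAN1 while each LAN keeps its own WAN. It assumes RouterOS v6 syntax and the subnets and routing marks from that post; the address-list name `local-nets` is hypothetical.

```routeros
# Added example (not the poster's config). Assumes RouterOS v6 and the
# subnets/marks from the post above; "local-nets" is a made-up list name.

# Why LAN1 cannot reach 192.168.10.252 with the posted mangle rules:
# every packet sourced from 192.168.1.0/24 is marked WAN1_TO_LAN1, including
# packets addressed to LAN2. The marked table holds only a default route, so
# the packet is sent towards WAN1 instead of the connected LAN2 interface.

# Fix, part 1: list the local subnets once.
/ip firewall address-list
add list=local-nets address=192.168.1.0/24
add list=local-nets address=192.168.10.0/24

# Fix, part 2: these REPLACE the two posted mangle rules. Traffic whose
# destination is a local subnet (the other LAN or the router itself) stays
# unmarked and is routed by the connected routes in the main table.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=WAN1_TO_LAN1 \
    passthrough=yes src-address=192.168.1.0/24 dst-address-list=!local-nets
add action=mark-routing chain=prerouting new-routing-mark=WAN2_TO_LAN2 \
    passthrough=yes src-address=192.168.10.0/24 dst-address-list=!local-nets

# Fix, part 3: routing now works in both directions, so the forward chain
# must decide what is allowed. Place these below the usual
# "accept established,related" rule (replies from the server rely on it) and
# above any general LAN accept rule.
/ip firewall filter
add action=accept chain=forward src-address=192.168.1.0/24 \
    dst-address=192.168.10.252 comment="LAN1 to server on LAN2"
add action=drop chain=forward src-address=192.168.1.0/24 \
    dst-address=192.168.10.0/24 comment="drop other LAN1 to LAN2 traffic"
add action=drop chain=forward src-address=192.168.10.0/24 \
    dst-address=192.168.1.0/24 comment="drop new LAN2 to LAN1 connections"
```

The server address is a /32 in the accept rule, so only that host on LAN2 is exposed to LAN1; narrowing the rule further with protocol and dst-port limits exposure to the services the server actually offers.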