Hallo there i have two mikrotik’s connected to each other. The one is the AP and the other the client. I have made thiis connection from the office to my house. THe internet is good. The computers at the office is running on a 192.168.0.0/24 network. the network between the two mikrotiks is 192.168.4.0/24 and the network at home is 192.168.5.0/24. When im at home then im able to ping all the computers on the other networks. But not vise versa. i would like to be able to use vnc from work to access the computer at home. But i cannot find a way to ping the home computer. But when im at home then i can access all the computers on all the networks that is connected to the lan. I want to access a computer on 192.168.5.0/24 from 192.168.0..0/24. Can someone please help me how to get this to work. thankyou.
Your the best,
my network is setup as this. The AP’s eth1 is 192.168.0.10, the wlan1 is 192.168.4.1. on the client the wlan1 is 192.168.4.2 and the eth1 is 192.168.5.1.i want to connect to computer 192.168.5.3 from computer 192.168.0.101
Thanx i am able to make a pptp connection but im getting comfused. Will i need to setup a pptp server on both ap’s. I cannot ping any computers on the 192.168.4.x range or the 192.168.5.x range from the 192.168.0.x range
I got it correct. What i did is i made a pptp server on the AP. Then i created a vpn account in windows and i connected to the ap. then i was able to ping 192.168.4.2. Then i used winbox and log in to the client. And setup a pptp server. Then i created another vpn account in windows, setting that account to firstly dail the previously created account. So then when i click connect then the it will firstly connect to the ap using vpn and then dail the other account and connec to the client. then i can browse the 192.168.5.x network. thank you
That sounds like a horrible solution. Why don’t you just setup EoIP, then it will be as if you just have one big network.
RouterW:
LAN IP=192.168.0.254 (eg)
WAn IP=192.168.4.254 (eg)
Create EoIP interface pointing to RouterH IP (192.168.4.253?)
Create bridge, add bridge ports EoIP and LAN
Assign IP 192.168.0.254(?) to bridge instead of LAN
make arp-proxy=yes for bridge
RouterW
LAN IP=192.168.0.253 (eg)
WAN IP=192.168.4.253 (eg)
Create EoIP interface pointing to RouterH IP (192.168.4.254?)
Create bridge, add bridge ports EoIP and LAN
Assign IP 192.168.0.253(?) to bridge instead of LAN
make arp-proxy=yes for bridge
Now you all are on the same 192.168.0.0/24 network, you’ll even get DHCP across from router on other side.
it seems difficult. what if router one have eth1 as 192.168.0.10 and wan as 192.168.4.1. And the other router have wan as 192.168.4.2 and eth as 192.168.5.1
Im having trouble setting up eoip. The problem is that i cannot connect from work to home.So i have to make a vpn connection to the AP so that i can access the other routers that is connected to the AP. But i can easily browse the network at the work from any client computer. I was able to setup eoip but i cannot ping the computers at home. can you help. I want to access computer 192.168.5.3. But i have to go from 192.168.0.101(work computer) through 192.168.0.10(ap’s eth1) then to 192.168.4.1(ap’s wlan1) then to 192.168.4.2(client’s wlan1) and then to 192.168.5.1(client’s eth1) and then i can get to 192.168.5.1 How must o go about to setup eoip,thanx
i had the same problem the other day.SOmetimes i will get emails and somedays not. Im trying to configure the RB to only allow my ip to access the computers adn network over teh eoip
I haven’t tried it, but what about a INBOUND firewall rule linked to the LAN interface, dropping all connections that is (!-not) from 192.168.0.xx that way (I think) it should block it from reaching the bridge and therefore the EoIP.
I will first have to get more info about doing that, I have a netgear router at home. Now it is constantly busy and when i check wjat devices is connected to it then it shows that all the devices on the lan is connected to it. Now there is traffic on the wlan all the time. I would realy like it if i can be the only one that can access the computers on the network.
i did not had any luck yet. Im When i add a filter rule then i am able to block or allow all traffic tp the bridge interface. Buti only want to allow one mac address and block all the other.Can anyone help plz
Use the Src Address field and tick the box to the left of the IP, this means that 'NOT"
so **!**192.168.0.123 means block (or allow) all addresses that are not=192.168.0.123
You should be able to use Src MAC field under the Advanced tab instead if you have dynamic IPs.
Or
create a rule to allow yourself, then another rule afterwards to block everyone else.
Great stuff. It worked. I think i might have tried that one before but some how it did not work. But now it does work. The the pnly protocol that io am allowing for other users is icmp to avoid ip conflict when a user select a ip manually.
it would have been cool if i can add a secondary mac address to the existing rule. If i ceate a second rule then it does not accept the mac i use.I want to add 2 computers. the one is working now but if i add a second rule then it does not work
When i setup the rule then i have to choose eoip-tunnel1 as my Our.Bridge port otherwise the rle wont work correctly. I hope that is the correct interface.
Well, then just add two seperate rules to allow the mac addresses and then a third rule afterwards to deny everything else.
You really should do some reading on basic firewall stuff in the manual.
No problem. The thing about these forums are that people don’t mind to help, assuming that you’ve done your homework. I also don’t mind helping, but you should at least do some reading up otherwise you expect other people to teach you what can be found in the manual or on the wiki. Don’t stress about it, no ‘biggie’. Just thought I’d mention it for future reference. The only ‘requirement’ is that hopefully in the future you can help someone else again.
Greetings from Jeffreys Bay, South Africa
Thanx man im also from South Africa. I have downloaded a pdf about filtering my firewall. I am able to allow just myself to enter the network through eoip to my home. But when i create another rule then that rle is ignored. I have accidently lock myself out. Now i will have to wait until lunch time to remove the rule from home pc. Have a nice day.
