I’ve the following link scheme : fiber → ONT → mikrotik —> PC
The Wan port is eth2 (where is linked the ONT ) and lan port is eth1
I need to reach the ONT web gui (192.168.1.1), *tik router has 192.168.1.2 address , lan has 192.168.1.0/24 addresses .
I’m able to reach the *tik web gui from lan . I thought to do a firewall nAT masquerade but without success.
Probably it is necessary only to to a bridge between the Lan port(eth1) and Wan port (eth2) ?
thanks
You really need to either change the ONT to a different Subnet or change your LAN to a different subnet so they are not both using 192.168.1.x addresses.
If you can’t change the ONT as is is locked by your provider then you have to change your LAN to something like 192.168.2.0/24
why do you think it is necessary a different subnet ?
I’ve different IP addresses for router and Ont.
I’ve done a bridge between the Lan and Wan ethernet ports and now I’m able to reach the not web gui
Usually a router routes between different subnets.
DIfferent IP for router and ONT 192.168.1.2 and 192.168.1.1, but both seem like being in the same subnet, from your description it seems like the WAN and LAN network are the same one, which is not the usual way to configure a router.
It depends on your configuration, of course, but normally you will have a dynamic route connection on both the ether1 and ether2 for the whole 192.168.1.0/24 network, and being them dynamic connected they will have distance 0 and likely go in ECMP .
You could make smaller subnets, or use VRF/routing tables/routing rules, but hard to say without knowing your configuration (and requirements) besides not being able to reach 192.168.1.1 there may other possible issues.