How to communicate two networks one device?

rubendario · January 8, 2018, 2:49pm

Mikrotik RB750r2:
Ether1 = WAN
Ether2 = 192.168.10.1/24
Ether3 = 50.60.40.1/24

that both a network and the other can access all its ports and ip addresses.

haik01 · January 8, 2018, 5:23pm

Please explain the terminology “communicate”. What do you mean by that?

Deantwo · January 9, 2018, 10:31am

That is the default on any router, there should be no issue with hosts on ether2 communicating with hosts on ether3.
Unless you have firewall rules preventing the traffic. Or if the hosts are incorrectly configured on the networks, such as wrong default gateways.

So you might need to explain more about what you are trying to do.

rubendario · January 10, 2018, 6:22pm

Mikrotik RB750r2:
Ether1 = WAN
Ether2 = 192.168.10.1/24 (Lan to UBNT with IP Static WLAN)
Ether3 = 50.60.40.1/24 (Lan Admin DHCP Server)

Firewall:

/ip firewall filter
add action=accept chain=forward comment="Debtors - Accepts TCP 80 and 8080" disabled=no port=80,8080 protocol=tcp src-address-list=DEBTORS
add action=accept chain=forward comment="Debtors - Accept UDP 53" disabled=no port=53 protocol=udp src-address-list=DEBTORS
add action=accept chain=forward comment="Debtors - Accepts ICMP" disabled=no protocol=icmp src-address-list=DEBTORS
add action=drop chain=forward comment="Debtors - Dropea All the Rest" disabled=no src-address-list=DEBTORS
	
/ip firewall nat
add action=dst-nat chain=dstnat comment="Debtors - Redirect 80 and 8080 to the Webserver" disabled=no port=80,8080 protocol=tcp src-address-list=DEBTORS to-addresses=0.0.0.0 to-ports=8080
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=passthrough chain=dstnat disabled=no to-addresses=0.0.0.0

/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

A supposed technician configured the firewall to block clients. I can access the AP (Bridge mode), I can not access the clients (WLAN static, LAN DHCP-SERVER). UBNT Devices.

IPATEAM · January 10, 2018, 6:58pm

Add in your “/ip firewall filter” as the first rule one that allows bidirectional traffic between both networks.

rubendario · January 17, 2018, 1:39pm

so ?

Src. Address: 192.168.10.0/24
Dst. Address: 50.60.40.0/24

Dst. Address: 192.168.10.0/24
Src. Address: 50.60.40.0/24

Deantwo · January 17, 2018, 1:45pm

Yes.

/ip firewall filter
add action=accept chain=forward comment="Allow connection between LANs" disabled=no src-address=50.60.40.0/24 dst-address=192.168.10.0/24 place-before=0
add action=accept chain=forward comment="Allow connection between LANs" disabled=no src-address=192.168.10.0/24 dst-address=50.60.40.0/24 place-before=0

Possibly need accept rules in your NAT firewall too. Since your firewall rules all seem to be so generic that they can affect your traffic between the two networks.

smity · January 22, 2018, 1:59pm

One question. I saw your firewall configuration. If I don’t configure an input or an output interface then this firewall rule works bi-directional?

regards

Anumrak · January 22, 2018, 2:07pm

Yes.