I have a routerboard 1100 AH, RouterOS v6.18
eth1 - 210.4.73.114/24 [WAN]
eth2 - 192.168.200.1/24 [LAN 1]
eth3 - 192.168.0.254/24 [LAN 2]
how do i connect to both LAN from one another?
Can someone pls help tell me how to do it with.
Hi,
I don’t fully understand the question.
Do you want both lan subnets to be able to reach the internet?
I assume that you don’t have any nat rules at the moment.
If so then this will solve the issue(if I understand you correctly)
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
I have a server at 192.168.0.200, i just want to access it from 192.168.200.0/24
i can ping and tracert it to reach server but when i try to browse shared folders sometimes i can but most of the time i can’t.
pls help.
If you want two independent LAN segments behind a single router, then p3radox’s single NAT rule is the best way to properly configure your nat because it will only do NAT when traffic goes out to the Internet, but not lan1<>lan2 traffic.
You will also need to make sure that the filter table isn’t blocking traffic from LAN1 to LAN2.
A filter chain should roughly have this flow:
1: allow established/related connection-state
2: allow specific things you want
3: drop everything else
part 1 is usually done with two rules that look the same, but the action is fasttrack-connection for the first rule and accept for the second rule. This is how to get maximum performance from the router.
part2 depends on what you want. If you only want lan1<>lan2 to work (in both directions) as well as anyone → Internet, then one simple rule can actually define this policy:
action=accept in-interface=!wan (in Winbox, the ! is a little checkbox next to the interface selection, and it means ‘NOT’)
and then part 3 is just one rule as well:
action=drop (no criteria at all - just a drop action)
My current configuration looks like this
Okay - the link from the 750 to the 1100 should be a completely different IP network. This will make your life so much easier.
On the 1100, make sure that port 3 is no a member of any bridge or switch or anything like that.
Put the IP address 192.168.255.2/30 on the interface
In the firewall, make sure that there is no NAT rule that will match on traffic going through this interface, and that connections going through this interface are going to be allowed.
e.g. :
/ip chain forward add in-interface=ether3 action=accept
/ip chain forward add out-interface=ether3 action=accept
Then add a static route:
192.168.0.0/24 gateway=192.168.255.1
On the 750, I don’t know what port # you used so let’s say ether5…
Make sure that ether5 isn’t part of any switch or bridge.
Put IP address 192.168.255.1/30 on ether5 interface
Create a static route 192.168.200.0/24 gateway=192.168.255.2
Make sure the firewall doesn’t do NAT for traffic going out the interconnect link, and that firewall filters allow it.
Since you’re doing multi-ISP, I assume that you’ve got one of those wild and crazy rigs with all of the mangle rules for policy routing. If so, then be sure to add the static route for every routing mark that you use, and manually add the connected route 192.168.255.0/30 for every routing mark as well.