How to connect two networks on MikroTik and route only specific URL/IP to that connection

Hi, new to this.

I have two internet connections at the office. Network 1 is fast and belongs to us at the office; it is our own network.
Network 2 is slow and managed by another organization; they limit / block some sites… We need to use their network sometimes to get access to their programs hosted by them on their network.


How can I connect (network 2) to my MikroTik on port ether3

and allow only the URL/IP of that organization to go through that connection (network 2),

and other connections will use my own FAST network (network 1)?


Right now only people connected on network 2 can access the programs hosted by network 2


Is there a way to connect both networks on the same MikroTik? And use network 2 only when a request to network 2 is sent?
Otherwise direct all other connections to network 1.


Thanks

It’s nearly all possible.
Pay someone to assist you, because what you ask, in this way, is not just a hint, but is work.

If you want assistance,
a. provide config of your mt
/export hide-sensitive file=anynameyouwish

b. provide a network diagram, as it's not clear where the modems and router are connected, and under whose control,
what has public IPs and what has private IPs, etc…

Network1-2.png

Capture.PNG

Is this your complete export? Because it seems to me that you are missing most of your firewall (/ip firewall filter). Combined with having “allow-remote-requests” enabled on your DNS server, you are now probably an Open DNS Resolver, which means that people are using your router to DDoS other people. I would suggest that you fix this first (https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall).

First things first: talk to the people who operate the other network. Are they okay with you adding a router there? Are there licensing issues etc? How would they prefer that it is set up? Most vendors/network administrators do not like it if you start introducing other stuff to their network without them knowing about it. I personally would be quite mad if I found out someone silently added another network into my network. (Especially if it is connected to the internet and has no firewall).

The basic idea here is that you take a port, add a DHCP Client (do not let it add a default route) on it, add a NAT Masquerade rule on it and firewall it off correctly (use the same filter rules as a WAN port except for the not_in_internet/bogon rules). That’s it, no need for special routing, since adding an address in the 10.140.208.0/24 range (by DHCP) will add the correct route.

I see they use a local DNS server, which might complicate stuff a bit if you want to use their URLs and those are not available on the internet (for example myapplication.lan). Then create two static routes for the DNS server to their gateway address and let your entire network use their DNS servers.
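
The setup described in the last reply, written out as RouterOS commands (an added example, not configuration posted by anyone in the thread). `NET2_GW`, `NET2_DNS1` and `NET2_DNS2` are placeholders for the other organization's gateway and DNS server addresses, which the thread does not give; the rule comments are also added here.

```routeros
# Added example. Replace NET2_GW, NET2_DNS1, NET2_DNS2 (placeholders) before use.

# 1. DHCP client on the network 2 port. No default route is installed, so only
#    the connected route for their subnet (10.140.208.0/24) appears and all
#    other traffic keeps using network 1.
/ip dhcp-client
add interface=ether3 add-default-route=no use-peer-dns=no use-peer-ntp=no \
    disabled=no comment="network 2 uplink"

# 2. Masquerade office clients behind the address received on ether3.
/ip firewall nat
add chain=srcnat out-interface=ether3 action=masquerade \
    comment="network 2: masquerade"

# 3. Treat ether3 like a WAN port: replies are allowed, nothing may be
#    initiated from network 2 towards the router or the office LAN.
#    Dropping input on ether3 also stops the router's DNS service
#    (allow-remote-requests) from answering queries that arrive from that side.
#    "add" appends to the end of the chain; on a router that already has
#    filter rules, use place-before= so these sit above any broad accept rule.
/ip firewall filter
add chain=input action=accept connection-state=established,related \
    comment="accept replies to the router"
add chain=input action=drop connection-state=invalid
add chain=input action=drop in-interface=ether3 \
    comment="network 2: no new connections to the router"
add chain=forward action=accept connection-state=established,related \
    comment="accept replies to LAN clients"
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop in-interface=ether3 connection-state=new \
    connection-nat-state=!dstnat \
    comment="network 2: no new connections into the LAN"

# 4. If their hostnames only resolve on their own DNS servers: route the DNS
#    servers via their gateway and point the router's resolver at them.
/ip route
add dst-address=NET2_DNS1/32 gateway=NET2_GW comment="network 2 DNS"
add dst-address=NET2_DNS2/32 gateway=NET2_GW comment="network 2 DNS"
/ip dns
set servers=NET2_DNS1,NET2_DNS2
```

After applying, `/ip route print` should show a single default route via network 1 plus the connected 10.140.208.0/24 route on ether3; a second default route on ether3 means `add-default-route=no` was not set.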