how to Different ip range routing

juneto · April 18, 2016, 9:09am

hi,

sorry my english

Untitled-2.jpg
wire port ip range : 192.168.0.x
wireless port ip range : 192.168.1.x

i want wire & wireless route possible

how to routeing table setting?

thanks

mwarren77 · April 18, 2016, 6:11pm

Not sure what your wanting.
It looks like you have routes established to your wired and wireless ports as well as a few others that we cannot see.
If you do not have your route to the internet you will need to add that : 0.0.0.0/0 and gateway.
You will also need a masquerade rule under firewall/nat.

Hope that helps if not let us know.

ZeroByte · April 18, 2016, 6:22pm

In general, your configuration should be perfect - as mwarren77 said, it’s not clear what your goal is here.

If you want wired devices to be able to communicate with wireless devices, then this should already work - if it doesn’t work, then the problem is almost certainly in your firewall filter rules - the FORWARD chain.

Make sure that the forward chain does not block communication between the two networks.

juneto · April 18, 2016, 8:16pm

thanks answer.

i want different local ip range (wire(bridge) : 192.168.0.x to wireless(bridge) : 192.168.1.x) possible communication
Untitled-2.jpg
/ip firewall filter settings

Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward 

 1    ;;; defconf: accept establieshed,related
      chain=input action=accept connection-state=established,related log=no log-prefix="" 

 2    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=igmp log=no log-prefix="" 

 4    ;;; defconf: accept ICMP
      chain=input action=accept protocol=gre log=no log-prefix="" 

 5    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether1-WAN log=no log-prefix="" 

 6    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether2-WAN log=no log-prefix="" 

 7    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether3-WAN log=no log-prefix="" 

 8    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether4-WAN log=no log-prefix="" 

 9    ;;; defconf: drop all from WAN
      chain=input action=drop in-interface=ether5-WAN log=no log-prefix="" 

10    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related,new log=no log-prefix="" 

11    ;;; defconf: accept established,related
      chain=forward action=accept connection-state=established,related,new log=no log-prefix="" 

12    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

13    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-WAN log=no log-prefix="" 

14    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether2-WAN log=no log-prefix="" 

15    ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether3-WAN log=no log-prefix="" 

16    ;;; defconf:  drop all from WAN not DSTNATe

/ip firewall nat settings

Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=wire_bridge log=no log-prefix="" 

 1    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=wireless_bridge log=no log-prefix="" 

 2    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1-WAN log=no log-prefix="" 

 3    chain=srcnat action=masquerade out-interface=ether2-WAN log=no log-prefix="" 

 4    chain=srcnat action=masquerade out-interface=ether3-WAN log=no log-prefix="" 

 5    chain=srcnat action=masquerade out-interface=ether4-WAN log=no log-prefix="" 

 6    chain=srcnat action=masquerade out-interface=ether5-WAN log=no log-prefix="" 

 7    chain=dstnat action=dst-nat to-addresses=192.168.0.220 to-ports=80 protocol=tcp dst-address=164.125.153.126 dst-port=80 log=no log-prefix=""

/ip firewall address settings

 #   LIST                                 ADDRESS                         TIMEOUT             
 0   wire_port                            192.168.0.0/24                 
 1   wireless_port                        192.168.1.0/24

juneto · April 18, 2016, 8:20pm

thanks answer.

i want different local ip range (wire(bridge) : 192.168.0.x to wireless(bridge) : 192.168.1.x) possible communication

Please see http://forum.mikrotik.com/t/how-to-different-ip-range-routing/97291/1

ZeroByte · April 18, 2016, 9:10pm

I don’t think you want to match NEW connections in your allow/fasttrack rules in the forward chain - that’s… quite dangerous - it basically means “no firewall”

Given that you have 3 wans, almost certainly your problem is because you’re doing a load-balancing thing.

You can override the policy routing with a routing rule:
/ip route rule add dst-address=192.168.0.0/16 action=lookup-only-in-table table=main

juneto · April 19, 2016, 11:53pm

Thank you. Successful