join two subnets

spidergrinch · July 11, 2018, 10:53pm

ether1=wan
ether2=wan2
ether3=wan3
ether4=LAN =>192.168.1.254/24
ether5=LAN2 =>192.168.2.254/24
What should I do to see the LAN host on LAN2 and LAN2 on the LAN? Thank you.

mkx · July 12, 2018, 2:05pm

Depending on your current setup, but basically no ethernet ports should be member of same bridge. If what you wrote is the whole lot, you can do without single bridge defined.

Then you need to assign IP addresses to both LAN ether interfaces appropriate for given network range

/ip address
add address=192.168.1.254/24 interface=ether4 network=192.168.1.0
add address=192.168.2.254/24 interface=ether5 network=192.168.2.0

Then you need to allow IP traffic between the two networks. AFAIK there is no general FW rule that forbids traffic between different subnets in chain=forward so if you (or some other router admin) didn’t add some, hosts from LAN and LAN2 should “see” each other. If you do have some general “action=drop chain=forward” FW rule in place, you’ll need to add rule that allow traffic between the two networks. Such as

/ip firewall filter
add action=accept chain=forward comment="allow traffic between LAN and LAN2" src-address=192.168.1.0/24 dst-address=192.168.2.0/24
add action=accept chain=forward comment="allow traffic between LAN and LAN2 (reverse direction)" src-address=192.168.2.0/24 dst-address=192.168.1.0/24

or, using address lists

/ip firewall address-list
add address=192.168.1.0/24 comment="LAN" list=local_LAN
add address=192.168.2.0/24 comment="LAN2" list=local_LAN
/ip firewall filter
add action=accept chain=forward comment="allow traffic between local LANs" src-address-list=local_LAN dst-address-list=local_LAN

This way is much more readable (and execution efficient) when number of LANs you want to pass traffic between becomes larger than 3 or so (with first way of doing it you need to add a pair of FW filters for each pair of LANs).

Beware: even if you do everything right, there are some services that rely on broadcast packets (windows domain browsing, DLNA server detection, …) and to make those services work between two networks, there are a few more steps to be done.

sid5632 · July 12, 2018, 11:36pm

Define “see”. It’s meaningless.

AlainCasault · July 30, 2018, 7:22pm

Hello,

You realize that you’ll never get a answer.

Your reply is totaly impolite and uncalled for, especialy considering that MKX used the same word (see) that YOU did in your question. BTW, his answer was complete and clear. If you had bothered reading the text rather than criticizing it, you’d understand what he’s saying.

ether1=wan
ether2=wan2
ether3=wan3
ether4=LAN =>192.168.1.254/24
ether5=LAN2 =>192.168.2.254/24
What should I do to > see > the LAN host on LAN2 and LAN2 on the LAN? Thank you.

Good day,

sindy · July 30, 2018, 7:32pm

Alain, take it easy, the OP and the guy who has upset you are two different people So the OP is most likely happy with Metod’s response

AlainCasault · July 30, 2018, 10:48pm

Well, call me old fashioned, but I still believe in respect.

Take care.

Sent from Tapatalk

AlainCasault · July 30, 2018, 10:50pm

Just to be clear. The op is the one that upset me. Mks was perfect.

Sent from Tapatalk

sindy · July 30, 2018, 11:34pm

OP is @spidergrinch. The one who upset you was @sid5632 and he was quoting the OP and asking him to elaborate (surprisingly long after @mkx has provided his response).

AlainCasault · July 31, 2018, 1:35am

Guess how looks silly now

Ok. I’ll close this chapter.

Sent from Tapatalk

sid5632 · July 31, 2018, 5:26pm

Can’t really be bothered to argue, but…

mkx even put “see” in quotes, just like that, because he knew it was meaningless too, like me.

The original poster has, of course, not bothered to reply, so who knows whether he’s even read any of this thread after posting the meaningless drivel that was his message. You might assume he has. I assume he hasn’t (write-only poster with post count of 1).
People like that don’t really deserve any better. “See” really is completely meaningless when applied to networking - it means different things to different people at different times. How anybody can even begin to answer such a vague question really is impossible to know.

If Alain is upset by “Define see. It’s meaningless” then he really needs to grow a pair. Truth hurts and all that.

And 9 hours isn’t a “surprisingly long time”. Really, it isn’t.

spidergrinch · July 31, 2018, 6:13pm

I think that in the end it was not difficult for the term “see” mkx understood it, it’s just using the logic of what is being talked about.

but it is a forum to help and not to be bothered by the terms that one uses.