Multi-Router network and invalid packets

Hi all!

Just wondering what's the best practice for setting up a multi-router network correctly.
Looking at the following diagram:

These two RB951 routers are in standard configuration with eth1 as gateway to WAN and port2-5 on bridge1.
Except router1 which has 2 bridges (bridge1,bridge2). The second bridge is connected to bridge1 of the second router and has 192.168.1.253 address on port 5 and 2-4 on port1.

The second router has a route implemented to point the 172.16.1.0/24 net to the first router:

/ip route add dst-address=172.16.1.0/24 gateway=192.168.1.253

If I want to reach some clients from the 192.168.1.0 to the 172.16.1.0 network, sometimes I get blocked invalid forwarding packets in ip firewall filter.
Is this the right way to connect two networks internally?

Best regards

You don’t need two bridges. Create a “transit” network between the two routers. Suppose you use ether5 on each router to connect them together - on both routers, remove ether5 from all bridges, and on the top router, remove bridge2 and remove the 192.168.x.253 IP address.

Then on ether5 make the top router be 192.168.255.1/24 and the bottom router be 192.168.255.2/24

Then in top router, add a static route dst=192.168.1.0/24 gateway=192.168.255.2, and in the bottom router add the static route dst=172.16.1.0/24 gateway=192.168.255.1

Make sure that both routers will only do SRCNAT (masquerade) for out-interface=wan (don’t use IP addresses) and make sure the forward chain of their filter rules will allow new connections with out-interface=ether5

This is the clean way to do this and it won’t cause any ICMP redirects or cause packets from 192.168.1.x to bounce off of the bottom router back out to the top router - the bottom router will now simply forward them along ether5 which is normal.
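The steps in the reply above, written out as RouterOS commands. This is an added example, not part of the original posts. It assumes the default interface names ether1 (WAN) and ether5, that the old 192.168.1.253 address sits on bridge2, and that the accept rule ends up above any drop rule in the forward chain.

```routeros
# --- Top router (the one that had bridge1 and bridge2) ---
# Take ether5 out of every bridge so it becomes a routed port
/interface bridge port remove [find interface=ether5]
# Drop the old 192.168.x.253 address and the second bridge
/ip address remove [find interface=bridge2]
/interface bridge port remove [find bridge=bridge2]
/interface bridge remove [find name=bridge2]
# Transit network address and route to the other LAN
/ip address add address=192.168.255.1/24 interface=ether5
/ip route add dst-address=192.168.1.0/24 gateway=192.168.255.2

# --- Bottom router ---
/interface bridge port remove [find interface=ether5]
# Remove the old route that pointed at 192.168.1.253
/ip route remove [find gateway=192.168.1.253]
/ip address add address=192.168.255.2/24 interface=ether5
/ip route add dst-address=172.16.1.0/24 gateway=192.168.255.1

# --- Both routers ---
# List the existing srcnat rules; only a masquerade rule matching on
# the WAN out-interface should remain (no rules matching on IP addresses)
/ip firewall nat print where chain=srcnat
# Add this only if no such rule is present yet
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
# Allow new connections leaving via the transit link
/ip firewall filter add chain=forward out-interface=ether5 \
    connection-state=new action=accept comment="inter-router transit"
# Confirm the rule order in the forward chain
/ip firewall filter print where chain=forward
```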

Thank you, works like a charm!