Multiple subnets/wans routing

wolfram · May 24, 2017, 5:25pm

Hi, I need help with Multiple subnets/wans routing network topology .
Issue is that I can not ping gateway of Zyxel network (172.16.10.1) from bridge1 on Mikrotik (192.168.10.0/24) although I can ping all other Zyxel network members (172.16.0.0/16). What is wrong (wireless station mode of wlan, arp mode or source nat?

[hineni@kavka] > ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                               
 0   10.7.125.134/30    10.7.125.132    ether1                                                                                                  
 1   192.168.10.1/24    192.168.10.0    bridge1                                                                                                 
 2   172.16.10.200/16   172.16.0.0      wlan3                                                                                                   
[hineni@kavka] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ether1                              ether            1500  1526            00:0C:42:77:71:F7
 1  RS ether2                              ether            1500  1522       1522 00:0C:42:77:71:F8
 2  RS ether3                              ether            1500  1522       1522 00:0C:42:77:71:F9
 3  RS ;;; FAZIN
       wlan1                               wlan             1500  1600       2290 00:0C:42:6D:53:C2
 4  R  ;;; ZYXEL
       wlan3                               wlan             1500  1600       2290 00:0B:6B:84:95:12
 5  R  bridge1                             bridge           1500  1522            00:0C:42:6D:53:C2
[hineni@kavka] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE                                               BRIDGE                                              PRIORITY  PATH-COST    HORIZON
 0    ether2                                                  bridge1                                                 0x80         10       none
 1    ether3                                                  bridge1                                                 0x80         10       none
 2    wlan1                                                   bridge1                                                 0x80         10       none
[hineni@kavka] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          10.7.125.133              1
 1 ADC  10.7.125.132/30    10.7.125.134    ether1                    0
 2 ADC  172.16.0.0/16      172.16.10.200   wlan3                     0
 3 ADC  192.168.10.0/24    192.168.10.1    bridge1                   0

gustavomam · May 25, 2017, 6:59am

Please explain better what you want to achieve.

Load balancing?

wolfram · May 25, 2017, 7:08am

I dont want load balancing mikrotik have default route only on wan1, Zyxel LAN network should be only accesible from mikrotik.
I would connect to Zyxel router itself for management (172.16.10.1) from computers on bridge1 (192.168.10./24).
Now I can connect only all other computers on (172.16.0.0/16) but not Zyxel itself (172.16.10.1).

gustavomam · May 25, 2017, 7:59am

You should add static route on Zyxel Router to access other routes.

If Zyxel have default route pointing internet, it couldn’t access inside networks.

Regards.

wolfram · May 25, 2017, 10:34am

You are right about static route on Zyxel if I want connect Mikrotik lan network from Zyxel network, but I do not want.
I want connect only from Mikrotik network to Zyxel network and I already have static route on Mikrotik for this (ADC 172.16.0.0/16 172.16.10.200 wlan3).
I can connect now from Mikrotik all Zyxel network (172.16.0.0./16) except Zyxel itself 172.16.10.1 how can I fix it?

gustavomam · May 26, 2017, 6:43am

Did you check if you have some firewall in Zyxel router?

wolfram · May 26, 2017, 6:54am

Thats not a problem, I can connect to Zyxel from its local LAN without problem. Zyxel is dumb device, anyway firewall is off.

gustavomam · May 26, 2017, 8:31am

From witch IP Adress are you trying to connect?

wolfram · May 26, 2017, 8:43am

As I wrote before I try to connect from any of this IP range (192.168.10.0/24 - mikrotik LAN bridge1) to 172.16.10.1 ( I can connect all subnet 172.16.0.0/16 except 172.16.10.1).

gustavomam · May 26, 2017, 9:48am

Try to add this firewal nat rules to your MikroTik Router

add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat dst-address=192.168.10.0/24

If the ping works it confirms the problem is in Zyxel routing table.