Network Configuration Help

aomu · August 25, 2019, 6:04pm

Hello,

I have the following question.

I have a RB951G-2HnD, with actual software 6.45.3. It is configured as an access point as following.

The first ethernet interface is connected to the local (wired) network 192.168.20.x. Through this interface the RB951G is also connected to the internet.
The wireless interface is connected to the first ethernet interface via NAT. The wireless interface is also connected to the RouterOS’s internal DHCP server, which gives the IP addresses to the wireless clients; the network is 192.168.60.x.

The problem: ideally, I would like to connect from every host on a wired network (192.168.20.x) to any host on the wireless network (192.168.60.x). it works perfectly in another direction, but I don’t know, how to accomplish a “backward NAT”. Is it possible?

The real problem: I need a connection from one Windows host on a wired network (it has an IP 192.168.20.14) to one host on the wireless network (it has an IP address 192.168.60.230, which it receives from the RouterOS’s DHCP reservation). Now I’m sorting this problem on a strange way: I created a PPTP profile, which receives an IP address from the “wireless pool” and I connect this Windows host to this PPTP connection, so that it is on the same network as the wireless network - on this way the Windows host connects to the host on the wireless network.

I would like to get rid of the PPTP connection: this Windows host needs a permanent connection to the host behind the NAT.

Is there a way to accomplish it?

Many thanks in advance.

Sob · August 25, 2019, 6:28pm

So there’s another router actually connecting the whole network to internet? Then the solution should be simple, on that router add new static route to 192.168.60.0/24 with gateway 192.168.20.X where X is whatever the RB has.

aomu · August 25, 2019, 7:09pm

Thanks, it is the way to go.

I added a static route, not on the router connecting the network to the internet, but rather directly on a Windows box, which needs to connect to the wireless network.

The RB has an IP address 192.168.20.252 on wired network, so the command on Windows was:

route -p add 192.168.60.0 mask 255.255.255.0 192.168.20.252

I also added a NAT rule on the RB like this (nothing worked without this rule):

/ip firewall nat
add action=passthrough chain=srcnat out-interface=bridge-wlan comment=“Traffic from LAN to WiFi”

It works perfectly now.

Sob · August 25, 2019, 7:53pm

The part about the rule doesn’t make sense, passthrough is basically a “do nothing” action. According to manual:

passthrough - if packet is matched by the rule, increase counter and go to next rule (useful for statistics).