Hello guys, I’m new to MikroTik and RouterOS so I need help.
I have an RB435G with 3 subnets:
ether1-WAN-192.168.1.0/30-Connected to ADSL modem in bridge mode
ether2-LAN-10.0.0.0/24
ether3-AUX-10.0.1.0/24
There are two IP pools, two DHCP servers and a PPPoE connection over 192.168.1.0.
Also I have a NAT rule: src-nat for out interface PPPoE.
I can ping everything inside either of the two subnets and internet hosts, plus gateways to the other network, but all hosts on the other network are inaccessible.
So, the problem is I want both subnets to be fully accessible to each other.
I understand that I can make two rules for src-nat with source addresses 10.0.0.0/24 and 10.0.1.0/24, but in that case, as far as I understand, every packet coming from one of these networks gets masqueraded and communication with some protocols (like SMB) between subnets would be impossible.
Is there any workaround for this like bridging or something else? Thanks and sorry for my English.
Please post
/ip address print detail
/ip route print detail
/ip firewall export
/interface print detail
Hello!
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Main Network Gateway
address=10.0.0.1/24 network=10.0.0.0 interface=LAN_Main
actual-interface=LAN_Main
1 ;;; Lowspeed Gateway for Others
address=10.0.1.1/24 network=10.0.1.0 interface=LAN_Others
actual-interface=LAN_Others
2 D address=192.168.1.2/24 network=192.168.1.0 interface=WAN_PPPoE
actual-interface=WAN_PPPoE
3 D address=85.173.77.108/32 network=83.239.153.138 interface=ADSL_Rostelecom
actual-interface=ADSL_Rostelecom
/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=83.239.153.138
gateway-status=83.239.153.138 reachable via ADSL_Rostelecom
distance=1 scope=30 target-scope=10
1 ADC dst-address=10.0.0.0/24 pref-src=10.0.0.1 gateway=LAN_Main
gateway-status=LAN_Main reachable distance=0 scope=10
2 ADC dst-address=10.0.1.0/24 pref-src=10.0.1.1 gateway=LAN_Others
gateway-status=LAN_Others reachable distance=0 scope=10
3 ADC dst-address=83.239.153.138/32 pref-src=85.173.77.108
gateway=ADSL_Rostelecom gateway-status=ADSL_Rostelecom reachable
distance=0 scope=10
4 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.2 gateway=WAN_PPPoE
gateway-status=WAN_PPPoE reachable distance=0 scope=10
/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R ;;; WAN
name="WAN_PPPoE" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
1 R ;;; LAN
name="LAN_Main" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
2 R name="LAN_Others" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520
3 X ;;; Wi-Fi
name="wlan1" type="wlan" mtu=1500
4 R ;;; PPPoE Client on WAN
name="ADSL_Rostelecom" type="pppoe-out" mtu=1454
And /ip firewall export
# jan/30/2012 03:31:12 by RouterOS 5.12
# software id = T6SD-1421
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes src-address=10.0.0.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.0.1.0/24
add action=masquerade chain=srcnat comment="Default Internet NAT" disabled=\
no out-interface=ADSL_Rostelecom
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
Please note that I’ve disabled the NAT rules for src-address (networks would be reachable but SMB won’t work).
Thanks once again.
Still nothing?
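The srcnat rules from the export above, run through a simplified model of first-match NAT evaluation (an added example, not part of the original thread and not RouterOS code). It compares the rule set as exported with the two src-address masquerade rules re-enabled; the host addresses 10.0.0.5, 10.0.1.7 and 8.8.8.8 are constructed, and the route table is reduced to the three routes that matter here.

```python
import ipaddress

# Interface addresses, routes and srcnat rules copied from the export in the thread.
IFACE_ADDR = {"LAN_Main": "10.0.0.1", "LAN_Others": "10.0.1.1",
              "ADSL_Rostelecom": "85.173.77.108"}
ROUTES = [("10.0.0.0/24", "LAN_Main"), ("10.0.1.0/24", "LAN_Others"),
          ("0.0.0.0/0", "ADSL_Rostelecom")]
NAT_RULES = [
    {"src-address": "10.0.0.0/24", "disabled": True},
    {"src-address": "10.0.1.0/24", "disabled": True},
    {"out-interface": "ADSL_Rostelecom", "disabled": False},
]

def out_interface(dst):
    """Pick the outgoing interface by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), iface) for n, iface in ROUTES]
    return max((n.prefixlen, iface) for n, iface in nets if addr in n)[1]

def srcnat(src, dst, rules):
    """Return the source address the packet leaves the router with."""
    iface = out_interface(dst)
    for rule in rules:  # first matching enabled rule wins
        if rule["disabled"]:
            continue
        net = rule.get("src-address")
        if net and ipaddress.ip_address(src) not in ipaddress.ip_network(net):
            continue
        if rule.get("out-interface", iface) != iface:
            continue
        # masquerade: rewrite the source to the outgoing interface's address
        return IFACE_ADDR[iface]
    return src  # no rule matched: routed with the original source address

def with_src_rules_enabled():
    """The same rule set with the two src-address masquerade rules switched on."""
    return [dict(rule, disabled=False) for rule in NAT_RULES]

if __name__ == "__main__":
    for label, rules in (("as exported", NAT_RULES),
                         ("src-address rules enabled", with_src_rules_enabled())):
        for dst in ("10.0.1.7", "8.8.8.8"):  # constructed destinations
            print(label, "10.0.0.5 ->", dst, "leaves as", srcnat("10.0.0.5", dst, rules))
```

In this model the out-interface rule alone leaves LAN-to-LAN packets with their original source, while the src-address rules rewrite them to the router's address on the destination subnet.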