RB750 as router between 2 networks

Hello,
I’m trying to set up a MikroTik RB750 as a router to route between two separate networks. Both networks are on separate switches; the first net is 192.168.10.0/24, the second 192.168.11.0/24. I’ve connected the RB750’s eth1 to one switch and eth2 to the second switch, and set IP addresses for both interfaces: eth1 - 192.168.10.1/24, eth2 - 192.168.11.1. I’ve cleared all settings on the RB750 so that only those two interfaces are active. Then I set the gateway for computers in the 192.168.10.0/24 net to 192.168.10.1, and in the second net to 192.168.11.1. And it does not work…
I can’t ping computers in one net from the other net, and can’t telnet. Even from the MikroTik, when I use the ping utility to ping 192.168.10.100 (which is a computer with gw 192.168.10.1) from eth2 (IP 192.168.11.1), I get a request timeout.
So I don’t get it: does the MikroTik not forward packets between interfaces by default?

Could anyone explain to me how it can be done (without bridging them)?

If the computers and routers on each network ask it to, it will. If you have not routed each of those 192.168.x.x subnets to the RB750 interface, then the other computers and routers send the request out their respective default gateway.

Is this RB750 your default gateway (internet connection route) for both networks?

Thanks for the reply.
I don’t understand how to route to the RB750 interface. On a Linux system I would set net.ipv4.ip_forward=1 in sysctl.conf and it works as a router.

Edit: answer to the question: no, the RB750 is not the default gateway to the internet; it does not have a default route, I deleted it.

Is the RB750 your internet connection? Or is it just between the two networks? Normally 192.168.x.1 ip is the default gateway. What is the default gateway ip on those two networks?

No, the RB750 is not the default gateway to the internet; it does not have a default route, I deleted it.

Then you will need to ensure you don’t have duplicate IPs on each network. Check that the 192.168.10.1 and 192.168.11.1 IPs are not assigned to another device. If they are, change the IP.

I am not sure about iptables. I use shorewall. But in RouterOS
On the 192.168.11.x computers and routers:

/ip route
add dst-address=192.168.10.0/24 gateway=192.168.11.x

On the 192.168.10.x computers and routers:

/ip route
add dst-address=192.168.11.0/24 gateway=192.168.10.x

Replace x’s with the ip of the RB750 interface on each network. Now you have them set to .1

Is it possible to make the RB750 the default gateway (internet connection) for both networks? That would make this simple!

There are no duplicate IPs on both networks. I’ve tried to do as you suggested but no luck.
Here is my routing table:

/ip route> print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY          DISTANCE
 0 ADC  192.168.10.0/24    192.168.10.1    eth1             0       
 1   S  192.168.10.0/24                    192.168.11.1     1       
 2 ADC  192.168.11.0/24    192.168.11.1    eth2             0       
 3   S  192.168.11.0/24                    192.168.10.1     1

Don’t add those routes to the RB750. Only to the other computers and routers on each network.

Before you try anything else, does each network already have a default route to the internet through another device? Or are these private nets only with no internet access?

The computers don’t have access to the internet for now.
For now I’m just trying to set up a test environment to check if it works. Actually it’s just two computers, two switches and the MikroTik between them.
I’ve tried to add a route on a machine (WinXP) in 192.168.10.0/24 like:

route add 192.168.11.0 mask 255.255.255.0 192.168.11.1

but:

The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.

So, the machine does not allow adding a route from a different subnet.

OK! This should be easy.
Assign 192.168.10.1 as the gateway in each computer network settings on the 192.168.10.x network
Assign 192.168.11.1 as the gateway in each computer network settings on the 192.168.11.1 network

Ensure you can ping both 192.168.10.1 and 192.168.11.1 from each computer on both networks.

Done that. I can ping 192.168.10.1 and 192.168.11.1 from 192.168.10.0/24 network and 192.168.11.1 and 192.168.10.1 from 192.168.11.0/24 network. But can’t ping computer from one network to another network.

If there are any entries in “/ip firewall nat” and “/ip firewall filter”, would you please post those?
And check your computer firewalls. Ensure they are not blocking anything you want to access.

nat:

 /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0 X ;;; default configuration
     chain=srcnat action=masquerade out-interface=eth1

filter:

[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
[admin@MikroTik] /ip firewall filter>

Disable the entry in “/ip firewall nat”. That is causing the connection problem. You will want that masquerade on the interface you will eventually connect to the internet. But not on any localnet interface. Then you should be good to go! :smiley:

ADD: My bad. I see it is disabled. Check your computer firewalls! Ensure you can ping each computer on your localnet also.

Did you remove the extra entries in “/ip route”? Maybe if you are still having trouble, post that again just to make sure.

Oh my :slight_smile:
Actually it was disabled (the ‘X’ symbol in

0 X ;;; default configuration

) but I deleted the rule and now it works!
Thank you very much! :smiley:

You are welcome! Glad I could help. Thanks for the karma. :smiley:
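
The two routing mistakes that come up in this thread, checked in Python as an added example (not part of any post and not MikroTik code): a gateway that is not on the host's own subnet, and static routes on the router that duplicate its connected networks. The route tuples are transcribed from the posted table; the 192.168.11.100 destination and the /24 mask on the host are assumptions.

```python
import ipaddress

def on_link(gateway, host_ifaces):
    """True if the gateway lies inside a subnet directly attached to the host."""
    gw = ipaddress.ip_address(gateway)
    return any(gw in ipaddress.ip_interface(i).network for i in host_ifaces)

def next_hop(dst, host_iface, default_gw):
    """What a host does with a packet: deliver on-link, or hand it to its gateway."""
    iface = ipaddress.ip_interface(host_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    if default_gw and on_link(default_gw, [host_iface]):
        return default_gw
    return None  # no usable route: the packet never reaches the router

def audit_router_table(routes):
    """Flag static routes that duplicate a network the router is already connected to.

    routes: list of (kind, dst, gateway); kind is 'C' (connected) or 'S' (static).
    """
    connected = {ipaddress.ip_network(dst) for kind, dst, _ in routes if kind == "C"}
    return [
        f"static {dst} via {gw} duplicates a connected route; remove it"
        for kind, dst, gw in routes
        if kind == "S" and ipaddress.ip_network(dst) in connected
    ]

# Host address from the thread's ping target; /24 mask assumed from the subnet.
HOST_10 = "192.168.10.100/24"
# Transcribed from the "/ip route print" output posted in the thread.
RB750_TABLE = [
    ("C", "192.168.10.0/24", "eth1"),
    ("S", "192.168.10.0/24", "192.168.11.1"),
    ("C", "192.168.11.0/24", "eth2"),
    ("S", "192.168.11.0/24", "192.168.10.1"),
]

if __name__ == "__main__":
    # The WinXP "route add ... 192.168.11.1" fails because this is False.
    print("192.168.11.1 on-link for host:", on_link("192.168.11.1", [HOST_10]))
    # With the correct gateway, traffic for the other subnet goes to the RB750.
    print("next hop to 192.168.11.100:", next_hop("192.168.11.100", HOST_10, "192.168.10.1"))
    for finding in audit_router_table(RB750_TABLE):
        print(finding)
```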