Hi All,
It’s my first experience with routerboard and I am trying to join two different networks on one routerboard (ether1=192.168.1.X and ether2=192.168.2.X).
To do this, I configured 192.168.1.1/24 on ether1 and 192.168.2.1/24 on ether2, and I have already configured two different DHCP servers, one for each port.
So I asked on an Italian forum and they said that I should make a static route. I read the wiki, but I don’t understand how I can make a static route for routing all packets from the 2.0 network to the 3.0 network and vice versa.
Can someone help me?
If you run the command /ip route print, what do you see?
Do you need to share files or connect to the computers' network from the two different IPs of ether 1 and ether 2?
The routes are already there, because the subnets are directly connected to the router.
What you need are firewall rules in the forward chain allowing traffic between the subnets.
The easiest way is to put a single rule there, allowing traffic from src-addr 192.168.0.0/16 to dst-addr 192.168.0.0/16.
To be more strict, you can add 2 rules instead of it, for each network as src and the other as destination.
Thanks all for the replies.
I need to share resources between the two networks (SMB, CIFS, and more).
I tried to make a firewall rule like docmarius says, but the result is the same: hosts in 2.X can ping hosts in 3.X but not vice versa.
Actually (and it works without any type of configuration!), from the 2.X network to the 3.X network I can ping the host, but only from a host in 2.X.
The route that I made is attached below!
Have a look and let me know how I can resolve this…

PS: Now I have attached the route that I created…


After when you finish apply to added ip route between to routers. And 3.x can't ping into 2.x
You can try to turn off (“disable”) the Windows firewall in network 2.x; then you can try to ping, and finally you will see ping replies from the network and vice versa.
Regards
If you use Windows machines on the networks, please take into account that the default Windows behavior is to NOT respond to pings and NOT TO ACCEPT CONNECTIONS from outside its own subnet.
So to be able to reach each other without modifying the Windows firewalls, you need masquerade on both network interfaces, so that computers on the network see the external requests as internal to the subnet.
Anyhow, broadcasts will not be forwarded between them, so NetBIOS browsing will not be possible unless you deploy a common WINS server for both subnets.
Finally works!
Thank you all for helping me to solve this lab test that I made!
To help everyone, I did these steps:
Remove the bridge interface (and set “none” as master port on all ports), assign the addresses (IP->Addresses), and set up DHCP, one for each port. In Routes, click on Rules and add a new rule with the source address of the network on the first port; in dest. address set 0.0.0.0/24 (all IPs), then in interface set the ethernet port of the destination network. I already set the table to “main”.
Make another rule for the vice versa.
Remember to disable the Windows firewall, because I solved it by disabling it!
Sorry for my horrible English, but Italian forum…
PS: How can I create a rule in the Windows firewall to allow incoming connections from another network?
Another thing: can I allow broadcast traffic from the first network into the second network?
Good job getting things rolling - but one thing to point out - you don’t need the static routes with dst=0.0.0.0/0 or any route rules.
The router will naturally know which interfaces it should use to forward traffic for the locally-connected subnets.
Not sure about the Windows firewall question (I pretty much just work with routers, so I’ve fallen away from any real level of knowledge about Windows)…
But I can say that you cannot forward the broadcasts between networks - that’s the entire purpose of having different networks.
Some routers (e.g. Cisco) do have what’s known as “helper addresses” where you can configure them to listen to broadcasts of specific UDP ports on one interface and forward them as unicasts to a specific IP address… But MikroTik doesn’t have this kind of feature, except for the DHCP relay service, which is actually just a special case of generic UDP broadcast->unicast “helpers”.
Just remember the following:
- L1 device: hub/coax ethernet - a single collision domain, a single broadcast domain
- L2 device: switch/bridge - multiple collision domains, a single broadcast domain
- L3 device: router - multiple collision domains, multiple broadcast domains
Any device working at a specific layer does not natively forward its broadcasts across domain boundaries.
So a L2 device will not forward collisions, and a L3 device will not forward IP broadcasts and multicasts without additional helpers.
In Linux, e.g., we have bcrelay as a helper. Some routers employ other mechanisms (DHCP proxy, multicast proxy, PIM).
Because of this, the correct cross-broadcast domain implementation of a Windows network is actually to use a WINS server, which accepts multi-subnet registrations, and allows multi-subnet browsing and name resolution. This contrasts with the classic SMB/NetBIOS name resolution, which is broadcast based and cannot cross L3 domain boundaries.
Anyway, SMB resource access is unicast, so directly addressing a Windows host by IP or host name (not Windows name) is still possible across subnets.
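
The forward-chain rules suggested earlier in the thread, written out as RouterOS commands. This is an added example, not a configuration posted by any participant; it assumes the addressing from the first post (ether1 = 192.168.1.0/24, ether2 = 192.168.2.0/24), and the comment strings are made up for illustration.

```routeros
# Added example. Use EITHER the broad rule OR the strict pair, not both.
# Accept rules only change behaviour when a later rule in the forward chain
# drops traffic; with an empty forward chain the router already forwards
# between its directly connected subnets. Place these above any drop rule.

# Broad variant: one rule for the whole 192.168.0.0/16 block.
# It also matches every other 192.168.x.x subnet that is ever attached to
# this router, so it permits more than the two LANs in question.
/ip firewall filter add chain=forward action=accept \
    src-address=192.168.0.0/16 dst-address=192.168.0.0/16 \
    comment="example: broad 192.168.0.0/16 both ways"

# Strict variant: one rule per direction, pinned to subnet and interface.
# A packet must arrive on the port that owns its source subnet, which also
# rejects spoofed sources coming in on the wrong port.
/ip firewall filter add chain=forward action=accept \
    src-address=192.168.1.0/24 dst-address=192.168.2.0/24 \
    in-interface=ether1 out-interface=ether2 \
    comment="example: LAN1 to LAN2"
/ip firewall filter add chain=forward action=accept \
    src-address=192.168.2.0/24 dst-address=192.168.1.0/24 \
    in-interface=ether2 out-interface=ether1 \
    comment="example: LAN2 to LAN1"

# Checks: both /24 networks should show up as connected routes, and the
# packet counters on the rules should increase while pinging across.
/ip route print
/ip firewall filter print stats where chain=forward
```

If the counters increase in both directions but replies still arrive one way only, the router is forwarding correctly and the remaining filter is on the end hosts.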