Route between two LANs Newbie question

RouterOS Beginner Basics
1

Hi Hope someone can point me in the right direction.

I have a RB450 (updated to RouterOS 5.20)

2 LANs (172.16.1.0/24 (Main LAN) and 172.16.99.0/24 (Other LAN))

I would like the machines on the two LANs to be able to connect to each other through the router.

I have done a factory reset of the routerboard using winbox and the first time I connect I have said don’t do the default config (I have also tried letting it do the default config).

Then added the two interface addresses:

 /ip address
add address=172.16.1.251/24 comment="Main LAN" disabled=no interface=\
    ether2 network=172.16.1.0

/ip address
add address=172.16.99.251/24 comment="Second LAN" disabled=no interface=\
    ether5 network=172.16.99.0

I then added what I think is a firewall rule to allow forward between the two (i’m guessing this is where I am missing the point !) :

/ip firewall filter add action=accept chain=forward in-interface=ether2
/ip firewall filter add action=accept chain=forward in-interface=ether5

(there are no other firewall rules)

Then plugged a network cable into ports eth2 and eth5 of the routerboard from the respective network switches.

on a machine (172.16.1.141) on the 172.16.1.x network I have added a route
route add 172.16.99.0 mask 255.255.255.0 172.16.1.251

on a machine (172.16.99.20) on the 172.16.99.x network I have added a route
route add 172.16.1.0 mask 255.255.255.0 172.16.99.251

from the machine (172.16.1.141) on the 172.16.1.x network I can ping 172.16.99.151 (the other port on the router) and this works fine but I can’t ping an actual machine (172.16.99.20).

If some one could help me I would be very grateful.

As you can tell I am RouterOS Newbie!!

Thanks

2

You need to add 2 routes:
dst address 172.16.1.0/24 gateway ether2 (optionaly you can put pref source 172.16.1.251)
dst address 172.16.99.0/24 gateway ether5 (optionaly you can put pref source 172.16.99.251)

Regards

3

Thanks jadu

That has worked, when I added the IP addresses to the two ports originally, two routes very similar to the two you suggested where created automatically, so I assumed they did not need to be manually added.

So you can see there is now two of each, is this correct ?

[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  172.16.1.0/24      172.16.1.251    ether2                    0
 1   S  172.16.1.0/24      172.16.1.251    ether2                    1
 2 ADC  172.16.99.0/24     172.16.99.251   ether5                    0
 3   S  172.16.99.0/24     172.16.99.251   ether5                    1
[admin@MikroTik] /ip route>

Thanks

4

The routes that were added automatically when you’ve added the manually ones they will be deleted as well when you delete the manually routes.

5

This topic is important and useful

6

I have bridge that I have assigned ip 172.16.2.254/24 and ip 172.16.1.254/24
The solution posted above always works when dealing with individuals ether ports but how comes it doesn’t work when using a bridge? I still cant ping devices from the other network. I can only ping 172.16.1.254 and 172.16.2.254 only.
I have tried to put the static routes 172.16.1.0/24 gateway:172.16.1.254 and 172.16.2.0/24 gateway:172.16.2.254 but still cant ping across.
Kindly assist.

7

Hi i have RB2011UiAS and i configured it as the following:
ether 1 → WAN 1
ether 9 → WAN 2
ether 2 → lan (192.168.10.0/24)
ether 3 → lan (192.168.20.0/24)
ether 4 → lan (192.168.30.0/24)

this is my route:

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 6.10.15.25 1
1 S 0.0.0.0/0 192.168.1.1 1
2 ADC 6.10.15.24/29 6.10.15.26 ether1 0
3 DC 192.168.1.0/24 192.168.1.200 ether9 255
4 ADC 192.168.10.0/24 192.168.10.1 ether2 0
5 ADC 192.168.20.0/24 192.168.20.1 ether3 0
6 ADC 192.168.30.0/24 192.168.30.1 ether4 0
7 ADC 192.168.40.0/24 192.168.40.1 ether5 0
8 DC 192.168.50.0/24 192.168.50.1 ether6 255
i marked the WAN interfaces to separate the internet between my networks

I have a web service working on 192.168.10.10 ip address and i want to make it reachable from 192.168.20.0 network.
Thanks