Hi everyone
I have the following situation
Router hapAC2 6.47.10
On the first interface I have a network 192.168.1.0/24 (the IP address pool is 192.168.1.10-192.168.1.99), and in this network I have a server with an IP address of 192.168.1.100.
On the second interface, I have only one client with the IP address 192.168.1.101.
They are NOT bridged.
How can I tell the router “if you receive a packet for IP 192.168.1.100 on the second interface - put this packet on the first interface and vice versa”?
Which tool should be used to transfer packets from one port of the router to another port of the router, based on IP address? Preferably without changing the sender’s IP address.
This normally works automatically if different subnets are attached to each interface. So if you assign e.g. 192.168.1.1/25 to the first interface, and 192.168.1.129/25 to the second one, and give the host connected to the second interface an address like 192.168.1.130/25 instead of 192.168.1.101/? it currently has, it will work (unless firewall rules say "do not forward traffic between 192.168.1.0/25 and 192.168.1.128/25").
Big thanks for your answer,
yes - it will work, and I found another way - turning on “proxy-arp” on the bridge
but all of these tools have low usability for my task (proxy-arp - I can’t control packets between interfaces; making different networks (dividing the /24 into two /25 networks) - in my situation not a good idea, because I can’t control, and sometimes I can’t write, routes on endpoint devices).
I thought there was a simple tool in MikroTik that allows you to simply shift packets by some attribute.
Technically you can’t do this. You can’t “route” between different IP addresses in the same subnet (or domain or whatever).
If you have different subnets you can do a destination-nat where you substitute the address. Since this is done in the firewall, you keep total control over the packets that can go through it.
Say you want devices on the network 192.168.1.0/24 to be able to access a device on 192.168.1.101 for port1
and in port2 you have the server machine that is on IP 192.168.0.101, not bridged, no routing, no proxy.
Then you add:
/ip firewall nat add chain=dstnat dst-address=192.168.1.101 action=dst-nat to-address=192.168.0.101
It basically captures all packets to 1.101 and NATs them to 0.101.
Thanks for your answer
yes - I understand that I can’t do routing between “similar” IP addresses in one subnet - routing works at layer 3 of the OSI model
but I think there is some tool that allows “take one packet from the first interface and put this packet on the second interface, by some attribute”; in my imagination this tool must work at OSI layer 2, reading some parameters from the packet.
Yes, in a classic routing scheme I must give different subnets to different hosts and do the routing by firewall rules, but it’s amazing to me that on a router I can’t do simpler things than IP routing, just shifting packets between two interfaces.
It should not surprise you that a thing called “router” is primarily designed for routing.
It should be possible to do it your complicated way if you really need to. Assuming that the “main” 192.168.1.0/24 is attached to ether3 and the “client-only” 192.168.1.0/24 is attached to ether4, you can add two more routing tables, each with a single default route:
Then, you add routing rules to override the regular routing:
/ip route rule
add interface=ether3 dst-address=192.168.1.101 action=lookup-only-in-table table=via-ether4
add interface=ether4 src-address=192.168.1.101 action=lookup-only-in-table table=via-ether3
But you still need that the router itself responds with its own MAC address to the ARP requests coming from both the client at 192.168.1.101 and from all hosts responding to the client from the other LAN, because otherwise those devices wouldn’t send their traffic to the router at all. If you enable proxy-arp, the router will likely respond to ARP requests for any address within the 192.168.1.0/24, which is not what you want, as that would interfere with communication between hosts in the same LAN. So try creating static ARP records with publish=yes, it should act as a “selective proxy-arp”.
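An audit sketch for the proxy-arp versus “selective proxy-arp” distinction in the reply above, added here as an example and not part of any post in this thread: it reads a RouterOS `/export` and reports which interfaces answer ARP for everything and which addresses are individually published. The export text is constructed, and the code assumes the export spells the ARP property in full as `published`.

```python
import shlex

# Constructed sample in RouterOS v6 "/export" style (not taken from the thread).
SAMPLE_EXPORT = r"""
/interface ethernet
set [ find default-name=ether3 ] arp=proxy-arp
set [ find default-name=ether4 ] comment="client port"
/ip arp
add address=192.168.1.101 interface=ether3 published=yes
add address=192.168.1.100 interface=ether4 \
    published=yes
add address=192.168.1.50 interface=ether3 mac-address=AA:BB:CC:00:00:01
"""

def parse_export(text):
    """Yield (menu_path, {key: value}) for every add/set line of an export."""
    # /export wraps long commands with a trailing backslash; join them first.
    joined = text.replace("\\\n", " ")
    menu = ""
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line          # a new menu path applies to the lines after it
            continue
        tokens = shlex.split(line)   # handles quoted values such as comments
        if tokens[0] not in ("add", "set"):
            continue
        yield menu, dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit_arp(text):
    """Return (interfaces with blanket proxy-arp, {interface: [published IPs]})."""
    blanket, published = set(), {}
    for menu, props in parse_export(text):
        if menu.startswith("/interface") and props.get("arp") == "proxy-arp":
            # Interface answers ARP on behalf of other hosts, not one address.
            blanket.add(props.get("name") or props.get("default-name"))
        elif menu == "/ip arp" and props.get("published") == "yes":
            # Static entry answered by the router for this single address.
            published.setdefault(props["interface"], []).append(props["address"])
    return blanket, published

if __name__ == "__main__":
    blanket, published = audit_arp(SAMPLE_EXPORT)
    print("blanket proxy-arp on:", sorted(blanket))
    for iface, addrs in sorted(published.items()):
        print(f"published on {iface}: {', '.join(addrs)}")
```

An interface that appears in both results is answering for more than the published list, which is the interference the reply warns about.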
Very big thanks
Your answer is brilliant - it has clear instructions and is a little bit close to the solution that I need
I will assume that there is no simple tool for my task, and there is no point in looking further
I will try to implement it as you advised, through static ARP records, and use scripts to dynamically add newly connected clients to the ARP records