I am new to MikroTik and networking in general and I need help. I have a RB912UAG-2HPnD router, which has an ethernet interface and a wireless interface. I want to join 2 different subnets by routing between the two interfaces. So basically, I want to connect with a computer to the wireless interface and communicate with another wired to the ethernet interface.
I want to mention I tried a lot of things I found online: adding ip routes, adding firewall rules, ip masquerade, etc. and nothing works. It seems simple, but I am missing something.
So I am starting from the beginning again:
My configuration:
LAN1: 192.168.89.0/24
LAN2: 192.168.90.0/24 ---> I want to join these two subnets
I know, it seems simple. I have no firewall rules. I reset the configuration and started with no default configuration, to be sure.
But it doesn’t work.
I can ping the interfaces and the devices connected to each of the interfaces from the mikrotik terminal, and it works.
But the communication between the networks doesn’t work.
I have the firewall deactivated on my computer.
Do the computers on both networks know to use your RB as gateway between the two networks?
Or to ask it differently: is this RB the only router in the whole LAN story or is it additional router but there are other main routers in both subnets?
I am testing with a very simple configuration: 2 computers, 1 router.
Computer 1: ip address: 192.168.89.15/24 default gateway 192.168.89.1 (ip address of wlan1)
Computer2: ip address: 192.168.90.3/24 default gateway 192.168.90.1 (ip address of ether1)
From the router I can ping both computers, and the interfaces. But I cannot ping Computer2 from Computer1, or the other way around.
I turned off the firewall on both computers.
My computer has 3 interfaces: 2 are ethernet and 1 wireless. My wireless interface was connected, as mentioned before, to the mikrotik router (192.168.89.1/24), and an ethernet interface to another network (192.168.19.0/24). When I disconnected the ethernet interface from 192.168.19.0/24, 192.168.89.0/24 started to communicate with 192.168.90.0/24 through the mikrotik.
I don’t know why, but it works now.
The problem was in the routing information on your computers … when a computer gets its configuration via DHCP, it usually gets a default route. If a computer receives two such configurations (for two distinct interfaces), then it’s somehow undefined how it routes its own traffic. It receives two different gateways for the default route; at the end of the day, the relative importance of individual interfaces (as determined by the OS) might affect the routing. It seems reasonable that the wireless interface has lower priority than the wired one.
Let’s say I have 2 interfaces on my computer: ether1 and wlan1.
Ether1 receives address and default gateway from DHCP server, and default gateway address is 192.168.19.1.
Wlan1 is set with ip address 192.168.89.15 and default gateway 192.168.89.1.
Wouldn’t any packet sent to another subnet from Wlan1 choose the gateway in the same subnet as Wlan1?
Or is there just one default route, which can have only one gateway? (it might be a stupid question)
The problem is likely in your computer not in your router.
The intended use of your MikroTik router is perfectly OK. It will work fine this way, assuming you took those two interfaces out of the bridge interface that normally joins them in the default config.
When they are separate interfaces each with their own address, DHCP server and corresponding network, and proper (or no) firewall rules, it will be fine. Also check the membership of the interfaces list: instead of having bridge as a member of list LAN, you should have ether1 and wlan1 (at least when you want to use the default firewall setup).
However, what makes it fail is likely the firewall setup of your computer.
By default, many modern systems are set up to allow a little more from the local network than from other networks.
The computer likely does not reply to ping requests from the other subnet until you change its firewall configuration.
mkx was right, it was from Windows. It was because I had configured 2 gateways on my computer: one configured manually by me on one interface, and one from the DHCP server on another interface.
Packets targeting directly accessible subnets will leave via the corresponding interface.
The original problem involves 3 subnets:
192.168.89.0/24 … computer has address 192.168.89.15 and can communicate with any devices within this subnet (including 192.168.89.1 which happens to be gateway for this subnet)
192.168.90.0/24 … computer doesn’t know anything about it
192.168.19.0/24 … computer has address in this network and can communicate with devices from this subnet, (including 192.168.19.1 which happens to be gateway for this subnet)
The computer has got two default routes, one via 192.168.89.1 and one via 192.168.19.1. As I wrote earlier, it’s then a minor magic to determine which default gateway it chooses to use; one common way (at least on Windows machines) is to prefer the wired interface over the wireless one (if you really want to, you can change priorities by setting a different interface metric - dug deep in advanced IPv4 settings).
This principle doesn’t apply only to the default route, it applies to any route with the same target (as defined by network address and subnet mask, e.g. 10.13.0.0/16 … the default route is simply an alias for a route targeting 0.0.0.0/0) which has more than one gateway available.
When the computer wants to communicate (or reply to a communication request sent by another party) with a device in the 192.168.90.0/24 subnet, it notices it doesn’t have a direct route towards it, so it uses the default route. In the case where it actually has two default routes, it chooses the most preferable one; in your case it was via 192.168.19.1 … and that one didn’t know how to deal with it.
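The route selection described in the thread, as an added example that is not part of any poster's message: a small model of the PC's routing table that picks the longest matching prefix first and the lowest metric second. The interface names `ethernet`/`wifi` and the metric values are constructed assumptions, and the last case (a specific route to 192.168.90.0/24) goes one step beyond what the thread tried.

```python
import ipaddress
from collections import namedtuple

# dest: destination network; gateway: next hop (None = directly connected);
# metric: lower value wins among routes with the same destination.
Route = namedtuple("Route", "dest gateway iface metric")

def route(dest, gateway, iface, metric):
    return Route(ipaddress.ip_network(dest), gateway, iface, metric)

def lookup(table, dst):
    """Return the route a host would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.dest.prefixlen, r.metric))

# Constructed table for the PC in the thread. Metric values are assumed;
# the only property that matters is that the wired interface is preferred.
WIRED, WIFI = 25, 35
PC_TABLE = [
    route("192.168.19.0/24", None, "ethernet", WIRED),
    route("192.168.89.0/24", None, "wifi", WIFI),
    route("0.0.0.0/0", "192.168.19.1", "ethernet", WIRED),
    route("0.0.0.0/0", "192.168.89.1", "wifi", WIFI),
]

def without_iface(table, iface):
    """Routes left after an interface is disconnected."""
    return [r for r in table if r.iface != iface]

def with_iface_metric(table, iface, metric):
    """Same table with a different metric on every route of one interface."""
    return [r._replace(metric=metric) if r.iface == iface else r for r in table]

if __name__ == "__main__":
    specific = route("192.168.90.0/24", "192.168.89.1", "wifi", WIFI)
    cases = {
        "both interfaces up": PC_TABLE,
        "ethernet unplugged": without_iface(PC_TABLE, "ethernet"),
        "wifi metric lowered": with_iface_metric(PC_TABLE, "wifi", 10),
        "specific route added": PC_TABLE + [specific],
    }
    for name, table in cases.items():
        r = lookup(table, "192.168.90.3")
        print(f"{name:22} -> {r.dest} via {r.gateway} ({r.iface})")
```
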