I am connecting a MikroTik to my Linksys X3500 ADSL modem (192.168.1.1). In addition, I connect a server to the MikroTik, and give it the address 192.168.88.211.
The thing is, from the server, I can access the other server connected directly to the modem (IP: 192.168.1.250). It can also connect to the internet.
But from my client (192.168.1.101) and the server (192.168.1.250), I cannot connect to the server (192.168.88.211) or the MikroTik (192.168.88.1).
I set up the MikroTik as follows:
Internet:
Address acquisition: Static
IP: 192.168.1.111/24
Gateway: 192.168.1.1
DNS: 192.168.1.1
Judging by the .88 network, does your MikroTik router perhaps have the default config? If so, it would be prepared for standard WAN-LAN and configured to not let anything in from WAN to LAN.
Another possibility: even if you allow new connections from the .1 to the .88 network, other machines in the .1 network need to know where to find the .88 network. So you need to add a static route either to them or to their default gateway, i.e. the modem.
Look at the filter rules in IP->Firewall. Depending on how much security you need between the two networks, the easiest way is to remove all rules in the forward chain and it will allow anything. If you want to limit something, just add the right rules, block/allow specific hosts, ports, … You also won’t need the default masquerade rule in IP->Firewall->NAT.
One question I have to ask: for any reason, you do want to have separate networks, right? Or did it “just happen” when you plugged the router in?
Yes, it is true. I just plugged the MikroTik into my Linksys. The default config is used and not changed.
At first, I wanted the network inside the MikroTik to be accessible only through VPN. (I can get the VPN to work, although I am not sure it is the correct setting; it just works.) The reason is that the server inside the MikroTik should not be visible in my internal network.
However, while development is in progress, I have difficulty with this setting. That's why I want to be able to access the server inside the MikroTik without VPN.
I agree, I completely messed up. Thank you for pointing out my mistakes.
Exactly. If you do want two networks and the internal one should be isolated, then it basically is like a standard WAN-LAN setup. And temporarily forwarding some ports to the internal server is a good solution to make it accessible for development, without any other configuration anywhere else.
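
The temporary port forward suggested in the last reply could look like the following on RouterOS. This is an added example, not part of the original thread. It assumes the MikroTik default configuration (ether1 as the WAN port, and a default forward rule that drops new WAN connections unless they were dst-nat'ed); the SSH service and the external port 2222 are constructed values, since the thread does not say which ports the server needs.

```routeros
# Added example, not from the thread.
# Assumptions: default config, ether1 = WAN (192.168.1.111),
# SSH on the server and external port 2222 are constructed values.

# Forward one port to the internal server, and only for the
# development client, so the rest of 192.168.1.0/24 still cannot
# reach 192.168.88.211.
/ip firewall nat add chain=dstnat in-interface=ether1 \
    src-address=192.168.1.101 dst-address=192.168.1.111 \
    protocol=tcp dst-port=2222 \
    action=dst-nat to-addresses=192.168.88.211 to-ports=22 \
    comment="TEMP dev access to 192.168.88.211"

# Check the rule and watch its packet counters while testing.
/ip firewall nat print stats where comment~"TEMP dev"

# When development is finished, remove the rule so the server is
# reachable through the VPN only again.
/ip firewall nat remove [find comment~"TEMP dev"]
```

With this rule the client connects to 192.168.1.111 on port 2222; no static route is needed on the client or the modem because the MikroTik's WAN address is already in the 192.168.1.0/24 network.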