When creating VLANs on the same interface, is it necessary that they have IP addresses from different networks?
Ones I’ve created with addresses from the same network (i.e. VLAN1 192.168.0.10/24, VLAN2 192.168.0.20/24) seem to work quite happily, and it makes routing a lot easier. However, it seems to run counter to the rule that every interface on a router must be on a separate network.
Why would you want to? As I can’t get port forwarding to work on RouterOS in the way it’s supposed to I have to use dst-natting, so creating a VLAN for 192.168.0.20 I can then dst-nat this on to an internal network.
I’m no expert, but I managed to get port forwarding working very simply (I’ve only been using it a few days too). I found the article on the wiki; the rule I’m using is:
You need to ensure that the internal network is masqueraded or the rule will not work.
ip firewall nat
add action=dst-nat chain=dstnat comment="SMTP to Exchange Server (Internet Provider)" \
    disabled=no dst-address=external_ip_goes_here dst-port=25 protocol=tcp \
    to-addresses=internal_ip_goes_here to-ports=25
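The rule above together with the masquerade rule the post mentions, as an added example that is not part of the original post or of the wiki article it refers to. It goes one step further than the post by tying the forward to the WAN interface and letting only dst-natted connections through the forward chain. The interface name ether1-wan and the addresses 192.0.2.10 and 192.168.0.25 are constructed placeholders.

```routeros
# Added example: ether1-wan, 192.0.2.10 and 192.168.0.25 are constructed placeholders.
/ip firewall nat
# Source NAT for the internal network leaving through the WAN interface
# (the masquerade the post refers to).
add chain=srcnat action=masquerade src-address=192.168.0.0/24 \
    out-interface=ether1-wan comment="Masquerade internal network"
# Forward only TCP/25 that arrives on the WAN interface for the public address.
add chain=dstnat action=dst-nat in-interface=ether1-wan dst-address=192.0.2.10 \
    protocol=tcp dst-port=25 to-addresses=192.168.0.25 to-ports=25 \
    comment="SMTP to Exchange Server"

/ip firewall filter
# Accept packets that belong to connections already being tracked.
add chain=forward action=accept connection-state=established,related
# Accept new connections from the WAN only if a dst-nat rule matched them.
add chain=forward action=accept in-interface=ether1-wan \
    connection-state=new connection-nat-state=dstnat
# Drop everything else that tries to cross the router from the WAN.
add chain=forward action=drop in-interface=ether1-wan \
    comment="Drop WAN traffic that was not port-forwarded"
```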
Me neither, despite the fact I’ve been wrestling with RouterOS for over 18 months!
Yes, it worked. That was how I thought it worked, so I don’t know why it hasn’t been this past 18 months! I used to get some sort of error message about not being able to do IP matching, or something like that.