Hi,
can you help me?
I have three LANs - Bridges on CRS326:
ISP on ether 1
Bridge A: 192.168.1.0/24 (2-22) CRS326
Bridge B: 192.168.2.0/24 (23 - spf1) connected with CSS326 number1
Bridge C: 192.168.3.0/24 (24-spf2) connected with CSS326 number2
On Bridge B, I have connected NAS server (Qnap)
On Bridge C, I have connected another server
I CAN ping all of them from any bridge and connect to Internet
Issue:
I can see my servers only when I am in the same subnet??
When I am connected with a PC (win10) on a different subnet, then it is not working (it doesn't connect) except ping???
It is probably an issue with firewall settings, but it’s impossible to say for sure … unless you post (anonymized) configuration. Execute command /export hide-sensitive file=anynameyouwish inside terminal window, fetch resulting file, open it in text editor, obfuscate any remaining sensitive information (e.g. public IP address or PPPoE username and password) and copy-paste it in post inside [code] [/code] environment.
Okay so the switch is also a router and you are using bridges to dish subnets to sets of ports vice using VLANs.
Four bridges
Four pools
Four dhcp servers.
So far so good.
(1) Why is bridge test NOT part of the LAN interface group??
(2) If this is acting as a router, why don't you have any firewall rules??
Yes, I forgot to assign bridge40 test - but it does not matter because the important bridges are main, 20 and 30…
About firewall - I am testing without any rules to resolve the issue.
Do I need to forward port 443 for traffic between subnets?
Sorry, if you are connected to the internet without any rules I will not help further.
The default firewall rules are safe and do not stop any connectivity (do not cause issues) and by removing them you have no security.
If there’s no firewall on router, then it’s certainly not blocking access between your subnets. It could be the other devices, maybe their firewalls don’t like access from other than their local subnet.
Thanks… I think “Sob” is right…
I would like to have the NAS on a different subnet… but I am afraid it is not a solution to do this.
When I connect in the same subnet with PCs it works fine… but…
I can see my servers only when I am in the same subnet??
All these sorts of “discovery” mechanisms are designed to only work WITHIN THE SAME LAN / IP-SUBNET !!
So it might be very normal certain devices don’t automagically “show” up if your main PC is sitting in another subnet.
The bottom line: can you connect manually? E.g. on your PC on 192.168.1.x can you for example reach a QNAP management interface on https://192.168.2.x
Can you for example RDP to a server in 192.168.3.x?
What applications / ports / services are you trying to use across the different subnets?
Yes,
I can connect to the WEB management of the QNAP (static address) on a different subnet, but I can't find the server over Qfinder (asked on QNAP forum - they told me no-go).
Also I have another server, bOS Configurator (static address), for smart living house configuration… but I cannot connect to the server, only on the WEB Client!
They told me that I need to open port 443.
Do I need to open it specially on the FW?
No firewall = everything is open (it’s btw good idea to fix that). And port 443 is usually used by https, so web. Seems unusual that it would be used for some kind of autodiscovery.
I’m not sure what useful info I can add. Firewall in RouterOS allow everything by default (when it’s blank), so anything you don’t block can pass through. Different subnets may be problem, because manufacturers of other devices may not support that scenario. In some cases you may be able to live without their tools.
For example file sharing with NAS between subnets is no problem, you just won’t be able to discover it automatically, but you can access it by IP address, or configured hostname (either locally or on router). Either make a shortcut for it, or map network drive, you do it once and it’s there. Configuration should also be no problems, NASes usually have web interface, which you again can access using IP address.
With something else it may be more problematic. If the only way to control something is proprietary tool that simply doesn’t support devices in other subnets, you may be out of luck there.
In addition to what @sob mentioned: since security became high-profile stuff lately, quite some gadgets won’t allow connections (either management only or even service) from IP addresses outside device’s own IP subnet. So check settings to see if some sort of firewall on device blocks such connections.
OK, how to open or forward a port
- example: 16100 from 192.168.10.x to 192.168.20.x?
Is it possible to check in Winbox which ports are open?
Thank you
BR
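
Added example (not from any poster in the thread): a RouterOS filter sketch for the points above that a blank firewall passes everything between subnets, and that routed inter-subnet traffic needs a forward-chain accept rule rather than a port forward. The LAN/WAN interface lists (ether1 in WAN, the bridges in LAN), TCP as the protocol for port 16100, and /24 masks for 192.168.10.x and 192.168.20.x are assumptions.

```routeros
# Assumes interface lists LAN (all bridges) and WAN (ether1) already exist.
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept replies to existing connections"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="accept ICMP (ping)"
add chain=input action=drop in-interface-list=!LAN \
    comment="drop everything not coming from LAN"

# --- forward chain: traffic routed through the router ---
add chain=forward action=accept connection-state=established,related,untracked \
    comment="accept replies to existing connections"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop connection-state=new \
    connection-nat-state=!dstnat in-interface-list=WAN \
    comment="drop new connections from WAN that were not dst-nat-ed"

# With only the rules above, LAN-to-LAN traffic between bridges is still
# accepted, because nothing drops it. No port "forwarding" (dst-nat) is
# involved: the subnets are directly routed.

# Optional tightening: allow only TCP 16100 from 192.168.10.0/24 to
# 192.168.20.0/24 and drop every other new connection in that direction.
# Order matters: the accept must sit above the drop.
add chain=forward action=accept protocol=tcp dst-port=16100 \
    src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    comment="allow TCP 16100 from .10 to .20"
add chain=forward action=drop \
    src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    comment="drop the rest from .10 to .20"

# The router cannot show which ports a server listens on, but connection
# tracking shows what actually passes through it:
/ip firewall connection print where dst-address~":16100"
```

If the connection shows up in the tracking table but the application still fails, the router is passing the traffic and the block is on the destination device, as the replies above suggest.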