Super-simple routing

Darklurker2 · December 29, 2016, 6:13pm

Hi folks,

I have a very simple routing need using a little Hex box between two private networks like this

All I need is for devices in 172.20.0.0 to be able to connect to devices in 172.25.0.0, and vice-versa. There’s no worry about Internet access, or DHCP/DNS, etc., just flat-out, simple routing between those two networks. I don’t want NAT if I can avoid it. All of the examples I’ve found in the MicroTik manual site are much more complicated than mine, and seem to be more oriented towards using the router for Internet access, DHCP, etc, and I haven’t yet been able to divine what settings I need to make to get my simple setup going.

I have added firewall forward rules to allow forwarding from 172.20.0.0 to 172.25.0.0, and to allow forwarding from 172.25.0.0 to 172.20.0.0. My machine is on 172.20 and when I try to telnet to one of the machines in 172.25, I can see the packet and traffic counts increase in the firewall rules page for the 172.20 to 172.25 rule, but nothing on the 172.25 to 172.20 rule, and the telnet connection can’t complete.

What other settings do I need to tweak to get this working?

I’m new to RouterOS, but wow, this thing is sweet.

Thanks for any help or direction anyone can give.
Dave

pe1chl · December 29, 2016, 7:10pm

When you are trying new things and they do not work, always start without firewall rules or put a blank “accept” rule at the top of the forward list temporarily.
When it works, and it stops working when you remove that rule or add other rules, at least you know the firewall is the problem.

In your case there may be a different issue: do the systems in the 172.20.0.0/16 network know that the route to 172.25.0.0/16 is via 172.20.3.10?
And to the systems in 172.25.1.1 have a route to 172.20.0.0/16 (or a default route) that is via 172.25.1.1 ?

When they have another default route, it may be that you need to install a route in that (other) router to point to the MikroTik router.

Darklurker2 · December 29, 2016, 8:23pm

Hi Pe1chl,

Thanks for the info. It was the routing/default route on the machines in 172.25.0.0 - it’s a bunch of Avaya switches that I’m moving into their own management VLAN. I had a “management” default route set in them, but that doesn’t work like I thought it would. Once I set a “regular” default route in those switches, everything works like it should.

Thanks again.

Dave