Hi,
We’ve configured a Mikrotik RB3011 with two subnets: 192.168.1.* and 192.168.20.*. The firewall is dropping traffic between both subnets. For example: we cannot ping from 192.168.1.58 to 192.168.20.52.
Both subnets are using a different public WAN-IP.
Is it possible to acces a device in subnet A from subnet B through WAN? See picture
I hope i’ve explained it well.
Best regards,
Joost Lauwen
Forget picture. post config please
/export hide-sensitive file=anynameyouwish
Logically speaking what is the point of separate LAN networks if they are allowed to see each other?
If its strictly to separate by WANIP, is there a reason for this?
It would be better for all to share both WANIPs full time.
Another option is to have one WAN as primary and the other only as a backup failure mode etc..
By default, mikrotik does not drop traffic between two subnet,if you ping the gateweay of your two subject from another subnet, you will find that you can ping the gateway.
so you can ping 192.168.1.1 (gateway of 192.168.1.0/24) from 192.168.20.58.
you don’t need to go through WAN to access between the two subnets, just make sure you have appropriate routing table and NAT, namingly hairpin NAT
https://help.mikrotik.com/docs/display/ROS/NAT#NAT-HairpinNAT
Hairpin NAT is used mostly for accessing another LAN through VPN but I believe the same concept apply here.