Trouble accessing fire-walled subnets

spidervalve100 · February 26, 2015, 9:16pm

Hello,

I have been using a Mikrotik RB2011 for about a year now and have run into a bit of a problem. I have two subnets 192.168.0.0/24 and 192.168.1.0/24. The first is my main subnet and the second a guest subnet. I have blocked traffic through them with the firewall by dropping all traffic from the second to the first. However a few computers need to be able to access the 192.168.0.0/24 network. I have been able to achieve this by accepting forwards from the specified ip address and placing it at the top of the list. But I need access to one computer on the 192.168.1.0/24 network from the 192.168.0.0/24 network. And no matter what I put in the firewall I cannot access this computer from the other subnet unless I allow all access across both networks. I have stumped for a few weeks now and hope someone here can give me some insight into the problem.

spidervalve100 · March 2, 2015, 11:46pm

OK So I found a way around this mess. First, I had to update the OS. Then I had to create 2 entries in the firewall dropping the forward as shown (I called it my allow list, giving me 6 IPs):

SRC. 192.168.1.0-192.168.1.109 DST 192.168.0.0/24
SRC 192.168.1.116-192.168.1.254 DST 192.168.0.0/24

I dont know why this didnt work before the upgrade, but it does now. I think im going to disable ARP in the interface so all traffic must use the DHCP server and then I can just change the ip in the lease to static and set the ip in the range of my allow list. Then I can adjust the scope of my allow list depending on how many computers need access.