my test setup now has 3 sub-networks (192.168.a.0/24, 192.168.b.0/24, 192.168.c.0/24)
(internally they are VLANs)
it is possible to send UDP packets from 192.168.a.20 to 192.168.b.30 (and back)
it is possible to open a webpage over HTTP from 192.168.a.20 on 192.168.b.30
but it is NOT possible to PING 192.168.b.30 or open \\192.168.b.30 over SMB
UNTIL I disable the Windows Firewall
question is: is there something I did wrong?
or is this “normal”?
can I change something in the router to overcome this (use just one subnet? and more firewall rules.., or something with “NAT”?)
(Windows 10 Pro, network is “private”, no domain controller)
if it is possible to use “NAT”, so Windows thinks the connection comes directly from the router (default-gateway address of the router, in this subnet)
or (it is a home network) use different VLANs but one “big” subnet 192.168.0.0/16
I think both are (if possible) NOT “best practice”, but I am not sure about that
It depends on what you’re trying to do. It’s not the MikroTik in your way, the Windows Firewall is blocking the traffic. You’ll need to add the other networks as trusted in your Windows Firewall if you wish to communicate while having Windows Firewall enabled.
You can certainly create a workaround on the network layer, but you’re best off solving the problem within Windows, as it would be more secure and more favorable.
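One way to do what the reply describes, as an added example that is not part of the original thread: widen the remote-address scope of the built-in inbound "File and Printer Sharing" rules (which cover ICMP echo and SMB) to include the other VLAN subnets, instead of disabling the firewall. The subnet values are constructed placeholders, and the display group name assumes an English-language Windows install; run it from an elevated PowerShell prompt.

```powershell
# Added example. Subnets below are constructed placeholders:
# replace them with the real VLAN subnets that should reach this PC.
$TrustedSubnets = @('192.168.10.0/24', '192.168.30.0/24')

# Set to $false to actually apply; $true only prints what would change.
$DryRun = $true

# Built-in rules for ping (ICMP echo request) and SMB live in this group.
# Display group name is locale dependent (assumption: English Windows).
$rules = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Where-Object {
        $_.Enabled -eq 'True' -and
        $_.Profile.ToString() -match 'Private|Any'
    }

foreach ($rule in $rules) {
    # Current remote-address scope of the rule (for example 'LocalSubnet').
    $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)

    # Rules already open to any source need no change.
    if ($current -contains 'Any') { continue }

    # Keep the existing scope and append the trusted subnets once.
    $merged = @($current + $TrustedSubnets | Select-Object -Unique)

    if ($DryRun) {
        Write-Output ("{0}: {1} -> {2}" -f $rule.DisplayName,
            ($current -join ','), ($merged -join ','))
    }
    else {
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $merged
    }
}

# Verify the resulting scope per rule.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize
```

Listing only the specific remote subnets keeps the rules closed to every other source, which is narrower than using NAT on the router or flattening everything into one /16.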