i want to divide my network in 3 Parts
my testsetup now has 3 Sub-Networks (192.168.a.0/24, 192.168.b.0/24, 192.168.c.0/24)
(internaly they are VLANs)
it is possible to send UDP packets from 192.168.a.20 to 192.168.b.30 (and back)
it is possible to HTTP open an webpage from 192.168.a.20 on 192.168.b.30
but it is NOT possible to PING 192.168.b.30 or SMB open \\ 192.168.b.30 \
UNTIL i disable the Windows Firewall
question is: is there something i did wrong?
or is this "normal"?
can i change somthing in the Router to overcome this (use just one sub-net? and more firewal rules.. , or somthig with "NAT"?)
(windows 10 pro, network is "private", no DomainControler)
-
-
AlainCasault
Trainer
- Posts: 632
- Joined:
- Location: Prévost, QC, Canada
- Contact:
Re: Windows Firewall and Sub-Network question
Hello,
By default, all devices in the same router can communicate with each other if you don't have firewall rules blocking anything.
You answered you own question. It works when you disable the Windows firewall. I don't see what else you need??
Regards,
Sent from Tapatalk
By default, all devices in the same router can communicate with each other if you don't have firewall rules blocking anything.
You answered you own question. It works when you disable the Windows firewall. I don't see what else you need??
Regards,
Sent from Tapatalk
Re: Windows Firewall and Sub-Network question
if it is possible to use "NAT", so Windows thinks the connection comes directly from the router (default-gateway adresse of the router, in this sub-net)
or (it is a home network) use diffenent VLANs but one "big" SUbnet 192.168.0.0/16
i think both are (if possible) NOT "best bractis", but i am not sure about that
or (it is a home network) use diffenent VLANs but one "big" SUbnet 192.168.0.0/16
i think both are (if possible) NOT "best bractis", but i am not sure about that
Re: Windows Firewall and Sub-Network question
i came across "proxy-arp"
this will end up in the "one "big" SUbnet 192.168.0.0/16"
quick question: what happens to broadcast messages?
(to 192.168.255.255)
thank you
this will end up in the "one "big" SUbnet 192.168.0.0/16"
quick question: what happens to broadcast messages?
(to 192.168.255.255)
thank you
-
-
bramwittendorp
Member Candidate
- Posts: 101
- Joined:
- Location: The Netherlands
- Contact:
Re: Windows Firewall and Sub-Network question
It depends on what you're trying to do. It's not the MikroTik in your way, the Windows Firewall is blocking the traffic. You'll need to add the other networks as trusted in your Windows Firewall if you wish to communicate while having Windows Firewall enabled.
You can certainly create work-around on the network-layer, but you're best of solving the problem within Windows, as it would be more secure and more favorable.
You can certainly create work-around on the network-layer, but you're best of solving the problem within Windows, as it would be more secure and more favorable.
Re: Windows Firewall and Sub-Network question
atm i have 3 sub-networks
need to "send" Static Routes (per DHCP) Option 121
because sub-networks have there own (stupid) default gateways..
proxy-arp looks "elegant" to me.. .
need to "send" Static Routes (per DHCP) Option 121
because sub-networks have there own (stupid) default gateways..
proxy-arp looks "elegant" to me.. .
Re: Windows Firewall and Sub-Network question
small update:
i am using proxy-arp to "see" my vpn (ipsec/l2tp) connected devices on the LAN
this seems to be a common usecase
so i also tried it on my sub-networks, and deleted the "static routes" ..
works fine and
for me this seems to be an good solution (and the Windows Firewall is also happy..)
i am using proxy-arp to "see" my vpn (ipsec/l2tp) connected devices on the LAN
this seems to be a common usecase
so i also tried it on my sub-networks, and deleted the "static routes" ..
works fine and
for me this seems to be an good solution (and the Windows Firewall is also happy..)