Community discussions

 
nelld
just joined
Topic Author
Posts: 1
Joined: Tue Feb 05, 2019 12:32 pm

Connecting 2 Routers (Mikrotik + TP Link AC1200)

Tue Feb 05, 2019 12:46 pm

Hi,

I hope you can help me with my problem.
Everything works in below diagram except the 192.168.88.x naturally cannot establish connection to 192.168.0.x network.
TP-Link NAT and SPI already disabled.
I added a static route in Mikrotik to destination 192.168.0.x via eth02 (Tp-Link WAN static IP: 192.168.88.3)
Note: I configured the Mikrotik router out of the box and just added bonding config, pppoe for my internet and static route.

Any help or inputs is greatly appreciated.

Image

Here's the IP export:
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether3 network=192.168.88.0
add address=192.168.0.1/24 interface=ether2 network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router.lan
/ip firewall address-list
add address=***.sn.mynetname.net list=WAN-IP
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=\
!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=input dst-port=8728 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="HAIRPIN .88 Network" dst-address=192.168.88.0/24 src-address=\
192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=\
WAN
add action=dst-nat chain=dstnat dst-address-list=WAN-IP dst-port=5000-5001 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.88.88 to-ports=5000-5001
/ip route
add comment="Route to TP-Link" distance=1 dst-address=192.168.0.0/24 gateway=192.168.88.3

Who is online

Users browsing this forum: No registered users and 13 guests