Community discussions

 
Zahor1
just joined
Topic Author
Posts: 5
Joined: Wed May 01, 2019 4:20 pm

Connecting 2 routers & LTE via Powerline adapters.

Wed May 01, 2019 4:35 pm

I have internet via LTE Asus 4GN12 LAN+WIFI
192.168.3.1
and 2 separate LANs with Mikrotik routers
First router must be 192.168.240.240 due to special Hardware requiring it.
Second 192.168.230.1 HW requires 192.168.230.0 LAN
All three components are connected via passthrough powerline adapters TP-PA8010P.
There is no problem with internet. It was easy.
But I need connect together PCs on both LANs together.
 
Zahor1
just joined
Topic Author
Posts: 5
Joined: Wed May 01, 2019 4:20 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Thu May 02, 2019 12:16 pm

It looks it needs just some firewall or route settings made done on both mikrotiks.
Cannot figure it. When try to Ping it
It is not accessible

From 182.168.230 via powerline
Connection in firewall shows
Src add 192.168.3.3 (Adress for LTE router lan)
Dst add 192.168.240.200
Reply src add 192.168.240.200
reply dst add 192.168.3.3

Both internet connection LTE router and microtics
Are on ether1 connected via powerline
 
mkx
Forum Guru
Forum Guru
Posts: 2474
Joined: Thu Mar 03, 2016 10:23 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Thu May 02, 2019 2:14 pm

You'll have to describe the functionality and settings of each individual device:
  • do they perform firewalling?
  • what are their WAN and LAN IP addresses?
  • do they perform NAT?
  • what kind of connectivity between subnets do you need, full (almost transparent) or just for a few select services?
  • And perhaps the most important one: do you require two distinct subnets?
BR,
Metod
 
Zahor1
just joined
Topic Author
Posts: 5
Joined: Wed May 01, 2019 4:20 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Thu May 02, 2019 4:38 pm

You'll have to describe the functionality and settings of each individual device:
  • do they perform firewalling?
  • what are their WAN and LAN IP addresses?
  • do they perform NAT?
  • what kind of connectivity between subnets do you need, full (almost transparent) or just for a few select services?
  • And perhaps the most important one: do you require two distinct subnets?
Here is situation how it is, it evolved for 8 years.
First was 192.168.240.0/24 net running OPG RTG + imaging system on 2 PC with just 1GBit switch. With Dongle only possibility to place PC on device was necessary to ad wifi so CRS109 was added WIFI + 1Gbit ports (there are other limitations OPG direct to router, cable no longer than 2m etc... ),
Second network payment terminal was made. Its own network 192.168.3.0/24. no big deal LTE router placed on spot with best 4G signal, connected via passthrough powerline to terminal + airprint + payment registration on government site via iPhone (easiest app).
Third network CAD CAM system was installed. CAD/CAM needs internet access. Now law mandate us to get PCs in 192.1687.240.0/24 online. So far so good.
.
There are just basic settings on Mikrotik routers, when you make quick settings Home AP point.
.
I have to self study everything. Nobody helps. Not sure if company installing first network it still exists, others just cares about their networks if any. That is why I looks easiest but correct solutions.
If necessary I completely made setup of routers, but initially i need to help and know what I am doing.
.
There is small perk. On x.x.240.x network is NAS for backups. So I would like to backup all PCs to this NAS + ESET end point security has possibility to centrally manage software on all PC
That is my second target. On 192.168.240.x network is also RVG RTG device with drivers for win98 I was able to convince to work on Win7 but not on Win10 so Win7 is essential there too.

Two subnets are there due to traffic ..240...OPG to imaging server, vista + OPG to imaging PCs + to wifi, ..230... CAM to CNC data, CAD to CAM. If one of them is not working second one must be.

Image
 
mkx
Forum Guru
Forum Guru
Posts: 2474
Joined: Thu Mar 03, 2016 10:23 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Thu May 02, 2019 10:43 pm

Do MT devices run firewall and NAT? Needed configuration changes depend on this information.
BR,
Metod
 
Zahor1
just joined
Topic Author
Posts: 5
Joined: Wed May 01, 2019 4:20 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Thu May 02, 2019 11:08 pm

Do MT devices run firewall and NAT? Needed configuration changes depend on this information.
Yes, both have NAT and firewall running
 
mkx
Forum Guru
Forum Guru
Posts: 2474
Joined: Thu Mar 03, 2016 10:23 pm

Re: Connecting 2 routers & LTE via Powerline adapters.  [SOLVED]

Thu May 02, 2019 11:34 pm

I'll describe example configuration for hAP ac lite. Configuration for CRS should be similar. I'll assume configuration which is default in recent ROS. If your current config is much different, post it so we'll know where to start from.

The default NAT rule is such:
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
A restriction on destination IP address should be introduced. As there's only a single subnet for which NAT should not be done (the one behind CRS), we can use a quite simple change. Also a static route is needed
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN dst-address=!192.168.240.0/24
/ip route
add dst-address=192.168.240.0/24 gateway=192.168.3.x #enter CRS' WAN address here

Default firewall filter rules won't allow incoming connections from the other LAN, so add appropriate allow rule(s). If you want to allow just anything, add a simple rule. Below there are 3 rules, first and last are default rules and the middle is rule which allows connections from the other LAN subnet:
/ip firewall filter
add action=accept chain=forward comment="allow dst-nat connections from WAN" \
    connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=allow chain=forward comment="allow connections from imaging subnet" \
   connection-state=new in-interface-list=WAN src-address=192.168.240.0/24
add action=drop chain=forward comment="drop anything else from WAN" in-interface-list=WAN
If you don't want to allow full connectivity, create one or more restrictive rules and place them between indicated default firewall rules.

The setup on CRS should probably be symmetrical to the config shown above.
BR,
Metod
 
Zahor1
just joined
Topic Author
Posts: 5
Joined: Wed May 01, 2019 4:20 pm

Re: Connecting 2 routers & LTE via Powerline adapters.

Fri May 03, 2019 9:56 am

Thank you.
It is working.
I have to work a bit with syntax but perfect.
Last thing FTP protocol it is working on Chrome but not Edge. I don't care about it.
I would like to attach NAS folder as network disc. It is unable so far.
I can attach it as internet network site (FTP) folder. Strange but works

Who is online

Users browsing this forum: No registered users and 14 guests