Community discussions

MikroTik App
 
djboxny
newbie
Topic Author
Posts: 28
Joined: Mon Sep 05, 2011 7:15 am

Accesing other routerboard on different network

Tue Jan 05, 2021 5:57 am

Hi, i have a main router adrress 192.168.1.1/24 and i have a vlan86 192.168.6.1/24. i can ping all devices on vlan86 from main router. but i cannot access any of them thru winbox from a ip 192.168.1.0/24
config on main router
/ip firewall address-list
add address=192.168.1.22 list="Block Camera to China"
add address=192.168.1.23 list="Block Camera to China"
add address=192.168.1.44 list="Block Camera to China"
add address=192.168.1.21 list="Block Camera to China"
add address=107.170.255.167 list=servers_wisphub
add address=192.241.222.19 list=servers_wisphub
add address=192.168.13.1 list="All Claro Fibras"
add address=192.168.14.1 list=Routers
add address=192.168.11.1 list=Routers
add address=192.168.12.1 list=Routers
add address=192.168.13.1 list=Routers
add address=192.168.3.1 list=Routers
add address=10.11.11.6 comment=2000-Chanell list=Moroso
add address=10.0.0.1 list=Routers
add address=192.168.30.1 list=Routers
add address=192.168.233.0/24 comment="Carlos Net Own claro modem" list="CNET 200-20"
add address=10.0.0.6 list=allowed_to_router
add address=172.31.1.2 list=allowed_to_router
add address=192.168.1.0/24 list=allowed_to_router
add address=192.168.1.187 list=allowed_to_router
add address=10.12.10.24 comment=2038-canaMariaColon list=Aviso
add address=10.12.10.23 comment=2027-canaAmandaPujor list=Aviso
add address=10.12.10.21 comment=2004-canaMercedita list=Aviso
/ip firewall filter
add action=accept chain=forward comment="NTP allow" dst-port=123 protocol=udp
add action=accept chain=input src-address=192.168.23.0/29
add action=drop chain=forward comment="Block Camera to Internet" src-address-list="Block Camera to China"
add action=accept chain=input comment="WispHub - Permitir puerto morosos LAN" dst-port=999 in-interface=!bridge-Fibra1 protocol=tcp
add action=drop chain=input comment="WispHub - Bloquear puerto morosos" dst-port=999 protocol=tcp
add action=accept chain=forward dst-address=10.10.10.0/24 src-address=192.168.1.0/24
add action=accept chain=forward comment="access to Claro 200 line C net" dst-address=10.0.0.0/24 src-address=192.168.1.0/24
add action=accept chain=forward comment="forward to C net c5x" dst-address=192.168.233.0/24 src-address=10.0.0.0/24
add action=accept chain=forward dst-address=192.168.1.0/24 src-address=10.10.10.0/24
add action=accept chain=forward comment="To Routers from Allowed Net" dst-address-list=Routers src-address=192.168.1.0/24
add action=accept chain=forward comment="To Routers from Allowed Net" dst-address=192.168.6.0/24 src-address=192.168.1.0/24
add action=accept chain=forward comment="To Routers from Allowed Net" dst-address=192.168.1.0/24 src-address=192.168.6.0/24
add action=drop chain=forward comment="To Routers Drop all else" dst-address-list=Routers log=yes log-prefix=someone_trying_access_routers
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.233.0/24 in-interface=vlan60
add action=mark-routing chain=prerouting comment="Cnet to His WAN" in-interface=vlan60 new-routing-mark=cnetwan1 passthrough=no
add action=accept chain=prerouting comment=vlan44 src-address=192.168.18.2
add action=accept chain=prerouting comment="Blue Iris 88" dst-port=88 protocol=tcp
add action=accept chain=prerouting comment="Blue Iris 88" dst-port=88 protocol=udp
add action=mark-routing chain=prerouting comment="Solar PC to Fibra 1" disabled=yes new-routing-mark=To_Fibra1 passthrough=no src-address=192.168.1.87
add action=accept chain=prerouting comment="Acccep to vlan88" dst-address=172.31.1.0/27 src-address=192.168.1.190
add action=mark-routing chain=prerouting comment="All PPPOE to Altice line Vlan6" in-interface=all-ppp new-routing-mark=to_AlticePersonal passthrough=no
add action=accept chain=prerouting dst-address=192.168.11.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.12.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.13.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.3.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.14.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.10.0/24 in-interface-list="To Claro Balanced"
add action=accept chain=prerouting dst-address=192.168.19.0/24 in-interface-list="To Claro Balanced"
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether5 new-connection-mark=WAN1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether6 new-connection-mark=WAN2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=sfp-sfpplus1 new-connection-mark=WAN3_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=WAN4_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=WAN5_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether7 new-connection-mark=WAN6_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=vlan8 new-connection-mark=200m2cnetmark
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN3_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN4_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN5_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/4
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=WAN6_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/5
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=200m2cnetmark \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/6
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list="To Claro Balanced" new-connection-mark=200m2cnetmark \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:8/7
add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN5
add action=mark-routing chain=prerouting connection-mark=WAN6_conn in-interface-list="To Claro Balanced" new-routing-mark=to_WAN6
add action=mark-routing chain=prerouting connection-mark=200m2cnetmark in-interface-list="To Claro Balanced" new-routing-mark=200mcnet2me
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_WAN3
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_WAN4
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_WAN5
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_WAN6
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=200mcnet2me
add action=accept chain=prerouting disabled=yes dst-address=192.168.11.0/24 in-interface=all-ppp
add action=accept chain=prerouting disabled=yes dst-address=192.168.3.0/24 in-interface=all-ppp
add action=accept chain=prerouting disabled=yes dst-address=192.168.12.0/24 in-interface=all-ppp
add action=accept chain=prerouting disabled=yes dst-address=192.168.13.0/24 in-interface=all-ppp
add action=accept chain=prerouting disabled=yes dst-address=192.168.14.0/24 in-interface=all-ppp
add action=accept chain=prerouting disabled=yes dst-address=192.168.10.0/24 in-interface=all-ppp
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/0
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/1
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/2
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN3_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/5
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/3
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN3_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/4
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN4_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/6
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN4_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/7
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN5_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/8
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN5_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/9
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN6_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/10
add action=mark-connection chain=prerouting disabled=yes dst-address-type=!local in-interface=all-ppp new-connection-mark=WAN6_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:12/11
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN5_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN6_conn disabled=yes in-interface=all-ppp new-routing-mark=to_WAN6 passthrough=yes
/ip firewall nat
add action=accept chain=dstnat comment="WispHub - Permitir pagina web morosos" dst-address-list=servers_wisphub src-address-list=Moroso
add action=accept chain=dstnat comment="WispHub - Permitir pagina web avisos" dst-address-list=servers_wisphub src-address-list=Aviso
add action=masquerade chain=srcnat comment="To access Boca de Mao c5x" dst-address=192.168.24.0/24
add action=masquerade chain=srcnat comment="To access C net esperansa c5x" dst-address=192.168.233.0/24
add action=masquerade chain=srcnat comment="To access Vlan87 Winbox" dst-address=192.168.6.0/24
add action=masquerade chain=srcnat comment="Wan Fibra 1 192.168.14.1/24" out-interface=ether2
add action=masquerade chain=srcnat comment="Wan Fibra 2 192.168.3.1/24" out-interface=ether3
add action=masquerade chain=srcnat comment="C Net Masquerade" out-interface=vlan9
add action=masquerade chain=srcnat comment="C Net Masquerade" out-interface=vlan8
add action=masquerade chain=srcnat comment="Fibra Claro 192.168.11.1/24" out-interface=ether5
add action=masquerade chain=srcnat comment="Fibra Claro + TV 192.168.12.1/24" out-interface=ether6
add action=masquerade chain=srcnat comment="Fibra Claro 192.168.10.1/24" out-interface=ether7
add action=masquerade chain=srcnat comment="Altice Personal Masquarade" out-interface=vlan6
add action=dst-nat chain=dstnat comment="Winbox In to 192.168.14.2" disabled=yes dst-port=8291 in-interface=bridge-Fibra1 protocol=tcp to-addresses=192.168.18.2 \
    to-ports=8291
add action=masquerade chain=srcnat comment="Fibra 5 192.168.13.1" out-interface=sfp-sfpplus1
add action=dst-nat chain=dstnat comment="Winbox In to 192.168.14.2" disabled=yes dst-port=8291 in-interface=bridge-Fibra1 protocol=udp to-addresses=192.168.18.2 \
    to-ports=8291
add action=dst-nat chain=dstnat comment="Winbox API In to 192.168.14.2" dst-port=8999 in-interface=ether2 protocol=tcp to-addresses=192.168.18.2 to-ports=8999
add action=redirect chain=dstnat comment="WispHub - Suspension de clientes(TCP)" dst-port=!8291 in-interface=!ether2 protocol=tcp src-address-list=Moroso to-ports=\
    999
add action=redirect chain=dstnat comment="WispHub - Suspension de clientes(UDP)" dst-port=!8291,53 in-interface=!ether2 protocol=udp src-address-list=Moroso \
    to-ports=999
add action=redirect chain=dstnat comment="WispHub - Aviso de Pago en Pantalla de clientes(TCP)" dst-port=80 in-interface=!ether2 protocol=tcp src-address-list=Aviso \
    to-ports=999
add action=dst-nat chain=dstnat comment="BlueIrisI In to 192.168.14.2" dst-port=88 in-interface=ether2 protocol=tcp to-addresses=192.168.18.2 to-ports=88
add action=dst-nat chain=dstnat comm[code]
ent="BlueIrisI In to 192.168.14.2" dst-port=88 in-interface=ether2 protocol=udp to-addresses=192.168.18.2 to-ports=88

[/code]
config on vlan86 cpe

/ip firewall filter
add action=accept chain=input src-address=192.168.1.0/24
add action=accept chain=input dst-address=192.168.1.0/24
add action=accept chain=output dst-address=192.168.1.0/24
[admin@PTP Cana - 2033 Virginia Andi] /ip firewall>

/ip dhcp-client
add interface=wlan1
add disabled=no interface=vlan87

Who is online

Users browsing this forum: bpwl, Mhrok, vladapub and 112 guests