Community discussions

MikroTik App
 
ge0rge
just joined
Topic Author
Posts: 7
Joined: Wed Jul 21, 2021 12:03 pm

Two RB4011s, Two LAN, one WAN

Wed Jul 21, 2021 1:02 pm

Good evening,

I currently have two RB4011's on two separate properties, a couple of KM apart. They both have pretty simple configurations with a DHCP running on each. Router A has an ADSL connection on port 1 that it gets very slow internet from. Router B has a fiber connection on Port 1, which I want to share with Router A via a radio link.

Both routers have a Unifi radio connected on Port 10, as shown on the picture attached. The radios, and port 10 on both routers, are on their own subnet, being 192.168.20.0/24. There are two further radios at the top of a hill that are wired together to create two wireless legs, as there isn't line of sight between the properties. If I connect the radio at router B to a NAS etc, instead of the router, I can happily access it on the subnet 192.168.192.0/24, so I am happy that the radio links function.

Image

From the reading I have done so far, I know that I need to create a route on Router A to point at port 10 on Router B - I have done this via
add distance=1 gateway=192.168.20.6
but it's about here that I become unstuck. Am I right in suggesting that I need to change the gateway on the dhcp-server network to point at something on Router B? Port 10 address perhaps?, or something else?

I have included the config from Router A here, in the hope that a couple of small additions/changes will see me on the right path. I can post router B if required, it's just a bit of a trek to get it - while I can see B from A, I can't access it. I am thinking that I might need to do something with the firewall on Router A, and just let Router B do all the work - seems to be double-handling for packets to go through two firewalls.

Any advice is greatly appreciated - I've been able to follow a few guides to get me this far but haven't been able to find one that explains just what I am trying to do - or at least that I could understand.
# jul/21/2021 21:13:38 by RouterOS 6.48.1
# software id = XNUF-D3YG
#
# model = RB4011iGS+
# serial number = XXXX
/interface bridge
add admin-mac=08:55:31:9E:BB:20 auto-mac=no comment=defconf name=bridge
add disabled=yes name=bridge1
/interface ethernet
set [ find default-name=ether10 ] name="NanoBeam PoE"
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=XXXX
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add fri=6h-22h mon=6h-22h name=Teresa sun=6h-22h thu=6h-22h tue=6h-22h wed=6h-22h
add fri=6h-22h30m mon=6h-22h30m name=Katelyn sat=6h-22h30m sun=6h-22h30m thu=6h-22h30m tue=6h-22h30m wed=6h-22h30m
/ip pool
add name=dhcp ranges=192.168.192.175-192.168.192.245
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/user group
add name=homeassistant policy=read,test,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge interface="NanoBeam PoE"
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface="NanoBeam PoE" list=WAN
/ip address
add address=192.168.192.1/24 comment=defconf interface=bridge network=192.168.192.0
add address=192.168.20.1/24 interface="NanoBeam PoE" network=192.168.20.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.192.111 comment="Shelly 1 Front Gate Light Switch" mac-address=40:F5:20:00:84:F5 server=defconf
add address=192.168.192.112 comment="Shelly 1 Front Gate Control" mac-address=E0:98:06:94:EA:4C server=defconf
add address=192.168.192.30 mac-address=C8:2B:96:02:A8:2E server=defconf
add address=192.168.192.76 client-id=1:3e:f8:ea:76:21:1c mac-address=3E:F8:EA:76:21:1C server=defconf
add address=192.168.192.75 client-id=1:24:5e:be:3:79:8d mac-address=24:5E:BE:03:79:8D server=defconf
add address=192.168.192.6 comment="Workshop Aruba Switch" mac-address=F4:03:43:07:BB:A0 server=defconf
add address=192.168.192.80 client-id=1:b8:ae:ed:71:77:64 comment="TV Lounge NUC" mac-address=B8:AE:ED:71:77:64 server=defconf
add address=192.168.192.20 client-id=1:80:2a:a8:4f:f9:cc mac-address=80:2A:A8:4F:F9:CC server=defconf
add address=192.168.192.40 client-id=1:24:f2:7f:c0:d4:b4 mac-address=24:F2:7F:C0:D4:B4 server=defconf
add address=192.168.192.43 client-id=1:24:f2:7f:c0:d3:e6 mac-address=24:F2:7F:C0:D3:E6 server=defconf
add address=192.168.192.41 client-id=1:38:17:c3:c4:58:aa mac-address=38:17:C3:C4:58:AA server=defconf
add address=192.168.192.21 client-id=1:f0:9f:c2:2f:14:da comment="Front Gate Camera" mac-address=F0:9F:C2:2F:14:DA server=defconf
add address=192.168.192.23 client-id=1:f0:9f:c2:2f:41:56 comment="Front Door Camera" mac-address=F0:9F:C2:2F:41:56 server=defconf
add address=192.168.192.22 client-id=1:f0:9f:c2:14:ae:3 comment="Driveway Camera" mac-address=F0:9F:C2:14:AE:03 server=defconf
add address=192.168.192.24 client-id=1:80:2a:a8:cc:6b:6f comment="Tool Room Camera" mac-address=80:2A:A8:CC:6B:6F server=defconf
add address=192.168.192.55 client-id=1:b8:27:eb:1b:ba:8 mac-address=B8:27:EB:1B:BA:08 server=defconf
add address=192.168.192.77 client-id=1:e6:94:7:ac:11:8d comment="Sheree's Work iPhone" mac-address=E6:94:07:AC:11:8D server=defconf
add address=192.168.192.34 client-id=ff:5d:e2:6c:15:0:2:0:0:ab:11:e0:9:e3:c8:ec:6a:4:20 mac-address=52:54:00:08:19:5E server=defconf
add address=192.168.192.74 client-id=1:a8:db:3:5:e7:13 mac-address=A8:DB:03:05:E7:13 server=defconf
add address=192.168.192.78 client-id=1:c0:11:73:c:d7:ed mac-address=C0:11:73:0C:D7:ED server=defconf
add address=192.168.192.12 client-id=1:bc:30:5b:d3:ad:5e comment="UnRaid R710 iDRAC" mac-address=BC:30:5B:D3:AD:5E server=defconf
add address=192.168.192.44 client-id=1:38:17:c3:c4:59:28 mac-address=38:17:C3:C4:59:28 server=defconf
add address=192.168.192.7 comment="Unifi Flex Mini - Lounge" mac-address=74:AC:B9:AB:E8:E8 server=defconf
add address=192.168.192.4 client-id=1:f0:9f:c2:9:d4:6a comment="Unifi Tool Room Switch-8 150W" mac-address=F0:9F:C2:09:D4:6A server=defconf
add address=192.168.192.5 client-id=1:74:ac:b9:1e:6:eb comment="House Switch-8" mac-address=74:AC:B9:1E:06:EB server=defconf
add address=192.168.192.3 client-id=1:80:2a:a8:5d:b7:a0 comment="House Switch-8 150W" mac-address=80:2A:A8:5D:B7:A0 server=defconf
add address=192.168.192.2 client-id=1:b4:fb:e4:d0:72:6a comment="Gun Room Switch-24" mac-address=B4:FB:E4:D0:72:6A server=defconf
add address=192.168.192.25 client-id=1:24:52:6a:2d:ee:9 mac-address=24:52:6A:2D:EE:09 server=defconf
add address=192.168.192.26 client-id=1:24:52:6a:2d:ed:e0 mac-address=24:52:6A:2D:ED:E0 server=defconf
add address=192.168.192.113 comment="Shelly 1PM - Hot Water Cylinder" mac-address=98:F4:AB:B8:D2:89 server=defconf
add address=192.168.192.79 client-id=1:f4:4d:30:67:4a:4f comment="Server Room Nuc" mac-address=F4:4D:30:67:4A:4F server=defconf
add address=192.168.192.110 client-id=1:0:15:5d:c0:e5:3 comment="Home Assistant VM on Server Room Nuc" mac-address=00:15:5D:C0:E5:03 server=defconf
add address=192.168.192.114 comment="Shelly 1 Workshop High Bay Lights" mac-address=E8:DB:84:D3:3D:3D server=defconf
add address=192.168.192.70 client-id=1:a8:a1:59:64:a7:70 comment="Office PC" mac-address=A8:A1:59:64:A7:70 server=defconf
/ip dhcp-server network
add address=192.168.192.0/24 comment=defconf dns-server=192.168.192.100 gateway=192.168.192.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.192.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.192.0/24 src-address=192.168.192.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN src-address=192.168.192.0/24
/ip kid-control device
add mac-address=94:54:CE:CD:7D:FD name="Teresa Phone" user=Teresa
add mac-address=7E:A9:46:8A:E8:8C name="Katelyn Phone" user=Katelyn
/ip route
add distance=1 gateway=192.168.20.6
/ip service
set www address=192.168.192.0/24
set www-ssl disabled=no
set api address=192.168.192.0/24
/system clock
set time-zone-name=Pacific/Auckland
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
jigsaw
just joined
Posts: 9
Joined: Mon Jul 19, 2021 2:44 pm

Re: Two RB4011s, Two LAN, one WAN

Wed Jul 21, 2021 5:27 pm

There seems to be a bunch of things I could comment on, but the most important would be:

  • if you are doing routing between these sites, do not add the respective interface to bridge. Go to Bridge > Ports in winbox and delete the line where interface is the one going to the other site. Or in console you could do something like
     /interface bridge port remove [/interface bridge port find interface="NanoBeam PoE"] 
  • to achieve connectivity between sites you should set up routes.
    on Router A:
    /ip route add dst-address=192.168.1.0/24 gateway=192.168.20.6

    on Router B:
    /ip route add dst-address=192.168.192.0/24 gateway=192.168.20.1

    After that devices in one LAN should be able to reach devices in the other. As far as I can tell, no DHCP changes are necessary.

Other than that I'm not sure what is your question - do you want to achieve some sort of failover between internet connections? Or just connectivity between sites?
Please describe this more if I haven't answered your question.
 
ge0rge
just joined
Topic Author
Posts: 7
Joined: Wed Jul 21, 2021 12:03 pm

Re: Two RB4011s, Two LAN, one WAN

Wed Jul 21, 2021 7:22 pm

Thanks for taking the time to read and.comment.

The main goal I'd like to achieve is for Router A to use the fibre connection on port 1 of Router B as it's primary internet connection. I'm not worried about any sort of failover, as eventually I'd like to get rid of the ADSL at Router A.
 
User avatar
jigsaw
just joined
Posts: 9
Joined: Mon Jul 19, 2021 2:44 pm

Re: Two RB4011s, Two LAN, one WAN

Wed Jul 21, 2021 8:17 pm

Oh, ok... in that case you actually don't need to add that route on Router A. Since your default gateway for it is already Router B (as you stated in your first post), you can omit that line. You still need to add that route on Router B.

Also you should check your NAT rules on Router B. If they're similar to Router A then you will have connectivity between LANs, but devices on Router A side will have no connection to the internet.
This rule might work:
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN src-address=192.168.192.0/24

And if it doesn't - just post the config from Router B and we'll figure it out :)
 
ge0rge
just joined
Topic Author
Posts: 7
Joined: Wed Jul 21, 2021 12:03 pm

Re: Two RB4011s, Two LAN, one WAN

Thu Jul 22, 2021 1:42 pm

I have added the rule mentioned to Router B. It sits at my fathers place down the road, and he has got a few other things going on with it that he has added over time and has working. He did have a VLAN on 192.168.20.0/24 that he has since deleted, but I feel like I can still see traces of it in his config - I think perhaps they could be upsetting things as I still cannot get internet access via Router B from a PC connected to Router A.

At this stage I can't ping 192.168.20.6 from the PC on router A - "Reply from 192.168.20.1: Destination host unreachable", although I can reach 192.168.20.5 - the last radio in the link. This leads me to believe that there is still something not configured correctly on Router B.
I won't waste your time posting the config until I have another look at it - it's probably not a routing problem that I can't ping the port.
 
ge0rge
just joined
Topic Author
Posts: 7
Joined: Wed Jul 21, 2021 12:03 pm

Re: Two RB4011s, Two LAN, one WAN

Fri Jul 23, 2021 1:27 pm

Ok. Defaulted router B and added the bare minimum to get the internet working at the old's place, then added the rules and code suggested above.

Changing the default DHCP gateway on router A to 192.168.20.6 leaves me with no internet behind router A.
I have found that I can ping 192.168.192.1 from behind router B, but I can't ping 192.168.1.1, or 192.168.20.6, from behind router A.

I sort of thought that all I would need to do was unplug the adsl on router A, change the default gateway on the dhcp, and I shoud have internet from router B - I now feel like the more things I try the more I realise how little I actually know!

Grateful for further advice or suggestions.

Configurations as below for both routers:

Router A
# jul/23/2021 22:06:50 by RouterOS 6.48.1
# software id = XNUF-D3YG
#
# model = RB4011iGS+
# serial number = D44A0D3F03F5
/interface bridge
add admin-mac=08:55:31:9E:BB:20 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether10 ] name="NanoBeam PoE"
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=xxx
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip kid-control
add fri=6h-22h mon=6h-22h name=Teresa sun=6h-22h thu=6h-22h tue=6h-22h wed=6h-22h
add fri=6h-22h30m mon=6h-22h30m name=Katelyn sat=6h-22h30m sun=6h-22h30m thu=6h-22h30m tue=6h-22h30m wed=6h-22h30m
/ip pool
add name=dhcp ranges=192.168.192.175-192.168.192.245
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/user group
add name=homeassistant policy=read,test,api,!local,!telnet,!ssh,!ftp,!reboot,!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!dude,!tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface="NanoBeam PoE" list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.192.1/24 interface=bridge network=192.168.192.0
add address=192.168.20.1/24 interface="NanoBeam PoE" network=192.168.20.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
//deleted for brevity//
/ip dhcp-server network
add address=192.168.192.0/24 comment=defconf dns-server=1.1.1.1 gateway=192.168.20.6 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1
/ip dns static
add address=192.168.192.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=192.168.192.0/24 src-address=192.168.192.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN src-address=192.168.192.0/24
/ip kid-control device
add mac-address=94:54:CE:CD:7D:FD name="Teresa Phone" user=Teresa
add mac-address=7E:A9:46:8A:E8:8C name="Katelyn Phone" user=Katelyn
/ip route
add distance=1 gateway=192.168.20.6
/ip service
set www address=192.168.192.0/24
set www-ssl disabled=no
set api address=192.168.192.0/24
/system clock
set time-zone-name=Pacific/Auckland
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Router B
# jul/23/2021 22:01:38 by RouterOS 6.48.3
# software id = CA70-VWAJ
#
# model = RB4011iGS+
# serial number = D44A0DA8360B
/interface vlan
add interface=ether1 name=ether1.10 vlan-id=10
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1.10 name=pppoe-out1 user=xxxx
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=sfp-sfpplus1 name=dhcp1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=sfp-sfpplus1 list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 interface=sfp-sfpplus1 network=192.168.1.0
add address=192.168.20.6/24 interface=ether10 network=192.168.20.0
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall address-list
add address=192.168.1.0/24 list=LAN
/ip firewall filter
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid
add action=drop chain=input comment="Drop Invalid" connection-state=invalid
add action=accept chain=input comment="Accept Admin from LAN " src-address-list=LAN
add action=accept chain=input comment="Accept established" connection-state=established
add action=drop chain=input
add action=accept chain=forward connection-state=new src-address-list=LAN
add action=accept chain=forward connection-state=related
add action=accept chain=forward connection-state=established
add action=drop chain=forward connection-state=new
/ip firewall mangle
add action=change-mss chain=forward new-mss=1452 out-interface=pppoe-out1 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address-list=LAN
add action=masquerade chain=srcnat out-interface-list=WAN src-address=192.168.192.0/24
/ip route
add distance=1 dst-address=192.168.192.0/24 gateway=192.168.20.1
/system clock
set time-zone-name=Pacific/Auckland
 
User avatar
jigsaw
just joined
Posts: 9
Joined: Mon Jul 19, 2021 2:44 pm

Re: Two RB4011s, Two LAN, one WAN  [SOLVED]

Fri Jul 23, 2021 4:04 pm

I see 10th port is not in the bridge any more on either side. That's good :)

You definitely don't need to change the DHCP gateway on Router A, so please change it back to 192.168.192.1

It seems that firewall could be one of the issues here. One of quickest ways to get the traffic flowing on Router A would be to remove ether10 (or "NanoBean PoE") from WAN interface list. The list by itself does nothing but rules using it In this case just creates more obstacles than benefits. Also you'd need to add 192.168.192.0/24 network to "LAN" address list on Router B. That might be sufficient to get internet working for hosts behind Router A (unless I'm missing something).

I'm a little confused on how do you get a reply form 192.168.20.1 with "destination host unreachable" while pinging 192.168.20.6 from a host behind Router A. This reply seems to indicate that Router A can't see Routers B mac address. Could you try pinging 192.168.20.1 from Router B and 192.168.20.6 from Router A and post the results? Perhaps that'd make it more clear.

Overall there are quite a few I would fix as well as redundant rules in both firewalls, but unless we organize some voice call or smth, cleaning those up (with explanations on why you need or don't need something), does not seem to be feasible to do here.
 
ge0rge
just joined
Topic Author
Posts: 7
Joined: Wed Jul 21, 2021 12:03 pm

Re: Two RB4011s, Two LAN, one WAN

Sat Jul 24, 2021 8:34 am

Sir, you are a gentleman and a scholar!

I reset router A to defaults this morning and removed all the firewall rules - Router B can do all the heavy lifting for both I feel. Added in the routes we have discussed above and then adding 192.168.192.0/24 network to the "LAN" address list on Router B made all the difference - I now have internet at both locations.


Thanks again for your time and knowledge.
 
User avatar
jigsaw
just joined
Posts: 9
Joined: Mon Jul 19, 2021 2:44 pm

Re: Two RB4011s, Two LAN, one WAN

Mon Jul 26, 2021 12:05 pm

Excellent. Glad to hear it worked out.

Thank you for being a gentleman yourself and marking thread as solved as well as posting a follow-up status. I imagine a lot of people don't do that.
And thank you for the kind words. Made my day :)

Who is online

Users browsing this forum: SMARTNETTT and 36 guests