Anyway, I'm pretty sure this can be done (please correct me if I'm wrong), but I'm not 100% certain how to configure my RB4011 to do it. I started working on it myself: I set up bridge2 with only port 9 on it (for the connection to his house) and removed port 9 from the default bridge (now named bridge1). I figured it would be easiest to give port 9 a static IP address and statically configure his router as well instead of using DHCP, though maybe I'm thinking about this wrong. I'm guessing the wireless links need to be on my side of the network, but maybe it doesn't matter. Anyway, I drew up a rough network map to give you an idea of the current setup and what I'm thinking I should do.
Right now, my network is 192.168.10.0/24 with the RB4011 at 192.168.10.1. He was planning on using 172.16.0.0/24 on his end, I think, with 172.16.0.1 for his router. I think the only thing we would need to worry about is the port numbers we use for any servers or anything else we expose to the internet, so that there isn't any overlap, yes? Currently, neither of us is doing anything special like that, though I do have UPnP turned on for my Xbox ports, and maybe I should turn it off and statically forward the ports instead.
Any ideas of how to go about setting things up like I'm describing, or am I "barking up the wrong tree" as it were? Thanks in advance for any advice!
Here is the rough network map I was thinking of: Here is my current config:
# sep/03/2021 15:20:17 by RouterOS 6.48.1
# software id = XNZ5-SD9F
#
# model = RB4011iGS+
# serial number = D4450DE3C8A5
# Label the physical ports. ether1 is the WAN uplink and ether9 is the port
# set aside for the link to the neighbour's house.
/interface ethernet
set [ find default-name=ether1 ] comment="WAN - Motorola 8600"
set [ find default-name=ether2 ] comment="Switch Ports"
set [ find default-name=ether9 ] comment="Robert's Port"
# ether10 feeds the access point; power-cycle-ping is enabled against
# 192.168.10.251 (the AP's static lease) with a 10 minute timeout.
set [ find default-name=ether10 ] comment="UBNT AP-AC-Lite" \
power-cycle-ping-address=192.168.10.251 power-cycle-ping-enabled=yes \
power-cycle-ping-timeout=10m
set [ find default-name=sfp-sfpplus1 ] comment="SFP Disabled" disabled=yes
# bridge1 is the home LAN; bridge2 is the separate segment for the neighbour.
/interface bridge
add admin-mac=08:55:31:CC:6C:3F auto-mac=no comment=defconf name=bridge1
# NOTE(review): bridge2 reuses bridge1's admin-mac with auto-mac=no, so both
# bridges present the same MAC address. Give bridge2 its own MAC (or
# auto-mac=yes) so the two segments can be told apart in ARP tables and logs.
# The comment=defconf tag is also misleading on a bridge that was added by hand.
add admin-mac=08:55:31:CC:6C:3F auto-mac=no comment=defconf name=bridge2
# Switch-chip ports 0-11 all carry default-vlan-id=0; no port-based VLANs are
# configured here, so segment separation relies on the two bridges alone.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
# WAN and LAN are the interface lists the firewall, NAT, neighbour discovery
# and MAC server settings key on; membership is assigned further down.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# DHCP pool for the home LAN; addresses below .100 and above .250 stay outside
# the dynamic range.
/ip pool
add name=dhcp ranges=192.168.10.100-192.168.10.250
# The only DHCP server is bound to bridge1. Nothing serves bridge2, which
# matches the plan in the post to address the neighbour link statically.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=12h name=\
defconf
# Policy list for the "full" user group.
# NOTE(review): this grants permissions to users, it does not enable or disable
# the management services themselves. /ip service and /user do not appear in
# this export, so presumably they are at defaults - confirm that unused
# services (telnet, ftp, www, api) are disabled or restricted by address, and
# that the admin account has a strong password before adding a second network.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Bridge membership: every LAN port is in bridge1, and ether9 is the sole
# member of bridge2, so the neighbour link is its own layer-2 segment.
/interface bridge port
add bridge=bridge1 comment=defconf interface=ether2
add bridge=bridge1 comment=defconf interface=ether3
add bridge=bridge1 comment=defconf interface=ether4
add bridge=bridge1 comment=defconf interface=ether5
add bridge=bridge1 comment=defconf interface=ether6
add bridge=bridge1 comment=defconf interface=ether7
add bridge=bridge1 comment=defconf interface=ether8
add bridge=bridge2 comment=defconf interface=ether9
add bridge=bridge1 comment=defconf interface=ether10
add bridge=bridge1 comment=defconf interface=sfp-sfpplus1
# Neighbour discovery is limited to the LAN list, so it is not announced on
# ether1 or on bridge2.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): Detect Internet is watching every interface and is allowed to
# manage the WAN list. The firewall and masquerade rules trust that list, so
# dynamic membership is presumably not wanted once a second network is
# attached - consider detect-interface-list=none and keep WAN static. Confirm
# against the RouterOS version in use.
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN
# Static list membership. bridge2 is in neither list: the input chain's
# "drop all not coming from LAN" rule therefore applies to traffic arriving
# from the neighbour, which keeps WinBox, SSH and DNS on the router closed to
# that segment. Keep it that way rather than adding bridge2 to LAN.
/interface list member
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=ether1 list=WAN
# NOTE(review): the LAN address is bound to ether2, which is a member port of
# bridge1. An address on a bridge member port instead of the bridge itself is a
# known source of erratic behaviour; it should sit on interface=bridge1.
# No address is configured on bridge2 yet, so the neighbour link does not route.
/ip address
add address=192.168.10.1/24 comment=defconf interface=ether2 network=\
192.168.10.0
# MikroTik cloud DDNS is enabled, giving the router a public DNS name.
/ip cloud
set ddns-enabled=yes
# WAN address comes from the ISP via DHCP; DNS and NTP servers offered by the
# ISP are ignored in favour of the ones configured locally.
/ip dhcp-client
add comment="defconf - WAN" disabled=no interface=ether1 use-peer-dns=no \
use-peer-ntp=no
# Static leases for fixed devices. 192.168.10.251 is the address the ether10
# power-cycle ping watches.
/ip dhcp-server lease
add address=192.168.10.80 comment="Honeywell Thermostat" mac-address=\
00:D0:2D:90:0C:2A server=defconf
add address=192.168.10.251 client-id=1:18:e8:29:fd:f5:9d comment=\
"UBNT AP-AC-Lite" mac-address=18:E8:29:FD:F5:9D server=defconf
add address=192.168.10.90 client-id=1:4c:3b:df:80:32:3 comment="RSJ Series X" \
mac-address=4C:3B:DF:80:32:03 server=defconf
# LAN clients are handed the router itself as gateway and DNS server.
/ip dhcp-server network
add address=192.168.10.0/24 comment=defconf dns-server=192.168.10.1 gateway=\
192.168.10.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from clients.
# It is only safe because the input chain drops everything not arriving from
# the LAN list. If the neighbour should use this resolver, add a narrow input
# accept for port 53 from bridge2 rather than putting bridge2 in LAN.
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,1.1.1.1,8.8.8.8
# Local names: router.local, plus one hostname pointed at 127.0.0.1 to block it.
/ip dns static
add address=192.168.10.1 comment=defconf name=router.local
add address=127.0.0.1 comment="Android TV Ad server" name=\
androidtvwatsonfe-pa.googleapis.com
# Destinations in DNS_Forward are exempt from the port-53 dst-nat rules.
/ip firewall address-list
add address=192.168.10.1 comment="For redirecting DNS requests to Mikrotik (or\
\_another DNS server on the network)" list=DNS_Forward
# Rules are evaluated top to bottom; do not reorder them.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
# ICMP is accepted from any interface, including WAN and bridge2.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Everything else not arriving from the LAN list is dropped. bridge2 is not in
# LAN, so the neighbour cannot reach management or DNS on the router.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# NOTE(review): this is the only rule that drops new forwarded connections,
# and it matches WAN ingress only. Once bridge2 has an address, new connections
# between the neighbour's network and 192.168.10.0/24 are forwarded in both
# directions. To share only the internet uplink, add explicit drops after the
# "drop invalid" rule above, for example:
#   add action=drop chain=forward in-interface=bridge2 out-interface=bridge1
#   add action=drop chain=forward in-interface=bridge1 out-interface=bridge2
# or replace the WAN-only drop with a default drop plus explicit accepts.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
# Source NAT for everything leaving through the WAN list. It matches on the
# outgoing interface only, so traffic from bridge2 would be masqueraded too.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# DNS interception: TCP and UDP port 53 from bridge1 to any destination that
# is not in DNS_Forward is rewritten to the router at 192.168.10.1:53.
# These rules match in-interface=bridge1 only, so clients behind bridge2 are
# not redirected.
add action=dst-nat chain=dstnat comment="DNS redirect TCP/UPD" \
dst-address-list=!DNS_Forward dst-port=53 in-interface=bridge1 protocol=\
tcp to-addresses=192.168.10.1 to-ports=53
add action=dst-nat chain=dstnat dst-address-list=!DNS_Forward dst-port=53 \
in-interface=bridge1 protocol=udp to-addresses=192.168.10.1 to-ports=53
/ip traffic-flow
set cache-entries=1k
# NOTE(review): UPnP lets any host on the internal interface request inbound
# port mappings without authentication. With two households behind one public
# address, static dst-nat rules per service are easier to audit and avoid port
# collisions. If UPnP stays on, do not add bridge2 as an internal interface.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=bridge1 type=internal
/system clock
set time-zone-name=America/Chicago
# Time is synchronised from a named server rather than one offered by the ISP.
/system ntp client
set enabled=yes server-dns-names=time.windows.com
# Layer-2 management (MAC telnet and MAC WinBox) is limited to the LAN list,
# so it is not offered on ether1 or on bridge2.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN