Hello,

Well, this is my second time typing this post - the first time I clicked submit, the forum logged me out and I lost the lot! Frustrating! Oh well.

Our business recently acquired another, which comes with four users and a fully kitted-out win2k8 server (mail, file etc.). We're moving this other business in-house, and wish to place them on a separate subnet, so that their server and network can continue running as before.

The problem is that because of logistical and practical limitations with our building, we are forced to use EoP (ethernet over power) in place of cable drops. So our router is therefore configured with all the ports switched/bridged, and there's no possibility of using a dedicated port to connect the second organisation.

What I'd like to do, then, is place this second organisation behind a mikrotik router which is doing NAT in 'both directions' - so that any host can talk to any other host, and we can share resources. The simple network diagram should illustrate what I mean. Is this possible using hairpin nat or 1:1 nat or should I be looking at something else? I'm open to using a VLAN or something if someone would be kind enough to point me in the right direction. I've tried playing around with 1:1 NAT but didn't get anywhere so thought I would ask for help.

To repeat for clarity - there's no way that I can run a cable from our router to theirs. We can only use EoP, which just works as a L2 switch.
I presently have this second network just running behind a cheap home router which is working fine, except that we can't reach hosts on their network and I'd like a mikrotik-level of control over the traffic.

Many thanks,
Jeremy

Any reason you don't just an ip address from each subnet (the default gateway address for network hosts) onto the RB1100 LAN bridge interface. Down side is you will have to static ally assign addresses on one subnet as both subnets are on the same L2 segment.

Looking at you network diagram you have Ethernet cables between network2 and the hosts on this network - if so a better solution would be to define a VLAN on the RB1100 LAN bridge interface and on a single port of your second mikrotik. Just add the remaining ports and the VLAN to a bridge and move the default gateway address for network2 onto the VLAN interface on the RB1100

Any reason you don't just an ip address from each subnet (the default gateway address for network hosts) onto the RB1100 LAN bridge interface. Down side is you will have to static ally assign addresses on one subnet as both subnets are on the same L2 segment.

Looking at you network diagram you have Ethernet cables between network2 and the hosts on this network - if so a better solution would be to define a VLAN on the RB1100 LAN bridge interface and on a single port of your second mikrotik. Just add the remaining ports and the VLAN to a bridge and move the default gateway address for network2 onto the VLAN interface on the RB1100

Thanks for your reply Murray.

I ended up 'solving' the problem just before you posted your replies. Rather than create the network on the RB2011, I added an address to the RB1100's bridge like so:
On the second router I set everything up as normal so it's doing DHCP, nat etc (with DNS going through the first router, which is ideal):
Now, this works, and I can indeed get to any host on either network from the other. But if there's some reason that this isn't a good solution, please tell me. I'm intrigued by your suggestion of VLANs and would like to give it a go at some point.

Cheers,
J