fox1047
just joined
Topic Author
Posts: 4
Joined: Wed Dec 05, 2018 9:31 am

Can't access hosts in neighbor subnet without nat

Thu Jan 10, 2019 10:26 am

Hello.
I have a network without DHCP, with all IPs being static.
I wanted to add wifi to this network, and to make it easier to connect I decided to create a new subnet with DHCP.
I set up a Mikrotik hAP lite and created routing rules on my firewall/router.

Image

The problem is that I can't access one subnet from the other, but I can access the internet from both subnets.
I found a way to access the 192.168.2.0 subnet from the 192.168.128.0 subnet using NAT, but it doesn't work the other way around.
Can you please help me?
 
mkx
Forum Guru
Posts: 1318
Joined: Thu Mar 03, 2016 10:23 pm

Re: Can't access hosts in neighbor subnet without nat

Thu Jan 10, 2019 12:55 pm

You're missing a static route on Kerio. It should read something like this (Linux command syntax):
route add -net 192.168.128.0 netmask 255.255.255.0 gw 192.168.2.154
or ROS syntax:
/ip route add dst-address=192.168.128.0/24 gateway=192.168.2.154
And probably add some allow rule to the Kerio FireWall as well. Beware that connection tracking between the two subnets on the Kerio won't be possible (due to how IP works) so you might want to switch off connection tracking for traffic between these two subnets as well.


A bit cleaner solution would be to configure hAP lite as bridge between wireless and the rest of LAN and start a DHCP server somewhere (also possible to run it on hAP ac). The problem is that such DHCP server would answer to requests from wired network as well, so this solution might not be feasible for your needs.
BR,
Metod
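
The asymmetry described in the reply above, as an added example that is not part of the original posts: a small Python model of the two routers that traces which of them forwards each direction of a flow. The host addresses, and the assumption that wired hosts use Kerio as default gateway while wifi clients use the hAP lite, are constructed for illustration because the topology screenshot is not in the text.

```python
import ipaddress

# Constructed model. From the thread: the two /24 subnets and the hAP lite at
# 192.168.2.154. Assumed: wired hosts use Kerio as default gateway, wifi
# clients use the hAP lite, and the host addresses used below.
ROUTERS = {
    "kerio": {"connected": ["192.168.2.0/24"],
              "static": {"192.168.128.0/24": "hap"}},   # the route from the reply
    "hap":   {"connected": ["192.168.2.0/24", "192.168.128.0/24"],
              "static": {}},
}
HOST_GATEWAY = {"192.168.2.0/24": "kerio", "192.168.128.0/24": "hap"}


def _within(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def routers_on_path(src, dst, routers=ROUTERS):
    """Routers that forward a packet from src to dst, in order."""
    src_net = next(n for n in HOST_GATEWAY if _within(src, n))
    if _within(dst, src_net):
        return []                        # same subnet: delivered on-link
    hop, path = HOST_GATEWAY[src_net], []
    while hop is not None and hop not in path:
        path.append(hop)
        table = routers[hop]
        if any(_within(dst, n) for n in table["connected"]):
            return path                  # last router delivers on-link
        hop = next((gw for n, gw in table["static"].items()
                    if _within(dst, n)), None)
    return path + ["no-route"]           # no specific route for dst here


def sees_one_direction_only(a, b, routers=ROUTERS):
    """Routers crossed by a->b or b->a but not both (half a flow in conntrack)."""
    fwd = routers_on_path(a, b, routers)
    rev = routers_on_path(b, a, routers)
    return sorted(set(fwd) ^ set(rev))


if __name__ == "__main__":
    wired, wifi = "192.168.2.10", "192.168.128.50"   # constructed hosts
    print("wired -> wifi:", routers_on_path(wired, wifi))
    print("wifi -> wired:", routers_on_path(wifi, wired))
    print("one direction only:", sees_one_direction_only(wired, wifi))
```

In this model Kerio forwards wired-to-wifi packets but never the packets coming back, because the hAP lite is directly connected to 192.168.2.0/24 and delivers them on-link.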
 
fox1047
just joined
Topic Author
Posts: 4
Joined: Wed Dec 05, 2018 9:31 am

Re: Can't access hosts in neighbor subnet without nat

Thu Jan 10, 2019 1:32 pm

> You're missing a static route on Kerio
I already have one.
Image
> And probably add some allow rule to the Kerio FireWall as well.
I'm gonna look into it.
> A bit cleaner solution would be to configure hAP lite as bridge between wireless and the rest of LAN and start a DHCP server somewhere (also possible to run it on hAP ac). The problem is that such DHCP server would answer to requests from wired network as well, so this solution might not be feasible for your needs.
It totally would, but it isn't worth the time now because this static network has like 200 hosts and the company is gonna be moving to a new location in a few months.
But thank you for your suggestion.
 
fox1047
just joined
Topic Author
Posts: 4
Joined: Wed Dec 05, 2018 9:31 am

Re: Can't access hosts in neighbor subnet without nat  [SOLVED]

Mon Jan 14, 2019 9:12 am

I figured out a solution for this problem.
What helped me was disabling the second NAT that I created for the guest network.
