Page 1 of 1

Link 2 different lan

Posted: Tue Jul 30, 2019 9:56 am
by Thunderstorm92
Hi,

I have a problem to add a computer in my configuration. I have 2 router, one provided by the ISP, the other is a mikrotik linked LAN-WAN.
each router creates separate LANs, the first 192.168.1.0, the second 192.168.10.0.
Now i have the problem to add 2 pc (one is a server), that they were visible from the two networks.
How can i do?

Re: Link 2 different lan

Posted: Tue Jul 30, 2019 7:29 pm
by anav
So you are attempting to do double nat.
The first router from the ISP, is connected directly to the internet and modem and gives out lan addresses of 192.168.1.XX
You then connect the mikrotik router to one of the LAN ports on the ISP router and it receives a LANIP of 192.168.1.55 (for example).

192.168.1.55 is now the WANIP of the Mikrotik router.
You have created a LAN network behind the Mikrotik router with lan addresses of 192.168.10.yy
Lets say you put the server on 192.168.10.33

If you want the server to be visible from the internet then you have to port forward twice.
Once in the ISP router (on port XX to IP address 192.168.1.55)
Second on the MIkrotik router (on port XX coming in on WAN, to IP 192.168.10.33)

As for making the server visible on both networks that is a different story.
If both units are on the MIkrotik then one would need forward chain filter rules that state
all traffic coming in from 192.168.1.55 (in-interface=wan, source address = 192.168.1.0/24) is permitted to the IP address of your server.

If the the server is on the ISP router It may be enough to create a forward filter rule that says
source traffic 192.168.10.0/24 in-interface=lan is allowed to access destination address 192.168.1.zz (where zz is server when on ISP router network).
You can narrow this traffic down by port and type TDP, UCP etc......

There may be more elegant solutions of routing but I it is out of my knowledge domain.

Not sure what you meant by second PC??

Re: Link 2 different lan

Posted: Mon Aug 05, 2019 11:10 am
by Thunderstorm92
i try to do like you say. Server has the ip 192.168.10.3
In firewall filters:
chain: farward
src. address : 192.168.1.0/24
dst address: 192.168.10.3
input interface: eth1 (the port wan link to port lan of ISP router)
action: accept

But when i ping the server on a pc in lan of ISP (192.168.1.0/24) nothing happen.