botcoder
just joined
Topic Author
Posts: 8
Joined: Mon Jun 03, 2019 10:12 pm

Routing between subnets (2 WAN IPs, 1 static)

Sun Nov 22, 2020 9:01 am

Hi,

Config is as follows

Main Router - RB4011 -> Connected to ONT (bypass mode)
eth1/eth2 - part of BRIDGEWAN - WAN IP is DHCP from ATT (45.x.x.x, gateway 45.x.x.x)
eth3-eth9 part of BRIDGELAN dhcp serves LAN 192.168.88.0/24
NAT masquerade set for BRIDGEWAN by Mikrotik
Clients in 192.168.88.x can access internet

eth10 - Static WAN IP from ATT (subnet routed by ATT) (107.x.x.x gateway eth10)
eth10 is connected to secondary router ( PFSense Virtual router running as a VM under Proxmox )
PFSense WAN gets another static IP from the block and feeds another LAN 192.168.100.x
NAT masquerade set for Eth10 by PfSense virtual router
Clients in 192.168.100.x can access internet



/ip route

4 routes

0.0.0.0 to 45.x.x.x.x gateway
45.x.x.0/22 via bridgewan
107.x.x.x/29 via eth10
192.168.88.0/24 via 192.168.88.1


Basically my question is how to allow only certain hosts in the 192.168.88.0 LAN to see a certain host in the 192.168.100.x LAN.

At present, since Rule 11 below is disabled, I can ping hosts from 192.168.100.x to 192.168.88.x but NOT from 192.168.88.x to 192.168.100.x (which is what I want to do).

I can confirm that the Pfsense firewall is not seeing the ICMP from 192.168.88.x and neither is the Mikrotik log showing a drop
Last edited by botcoder on Thu Nov 26, 2020 3:34 am, edited 2 times in total.
 
Sob
Forum Guru
Posts: 6266
Joined: Mon Apr 20, 2009 9:11 pm

Re: Routing between subnets (2 WAN IPs, 1 static)

Mon Nov 23, 2020 12:13 am

You don't have any route to 192.168.100.x, so packets to these addresses are sent to internet.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
botcoder
just joined
Topic Author
Posts: 8
Joined: Mon Jun 03, 2019 10:12 pm

Re: Routing between subnets (2 WAN IPs, 1 static)

Mon Nov 23, 2020 3:57 am

Yeah, I did notice that and earlier tried to add a static route

dst-address=192.168.100.0/32 via gateway 107.x.x.94 (WAN IP of eth10) and this did not work. I wonder if the route 0 takes priority and sends everything out via the main WAN interface (eth0)

I will sniff and check where the traffic is going
 
botcoder
just joined
Topic Author
Posts: 8
Joined: Mon Jun 03, 2019 10:12 pm

Re: Routing between subnets (2 WAN IPs, 1 static)

Mon Nov 23, 2020 4:06 am

OK, the traffic from 192.168.88.x to 192.168.100.x is hitting the bridgelan and bridgewan but not eth10, even though I added a static route to 192.168.100.x via ether10.
 
botcoder
just joined
Topic Author
Posts: 8
Joined: Mon Jun 03, 2019 10:12 pm

Re: Routing between subnets (2 WAN IPs, 1 static)

Mon Nov 23, 2020 4:57 am

@Sob Please check the change. The ICMP packets are hitting both internet and bridgelan but not ether10 after adding a static route to 192.168.100.x
 
Sob
Forum Guru
Posts: 6266
Joined: Mon Apr 20, 2009 9:11 pm

Re: Routing between subnets (2 WAN IPs, 1 static)  [SOLVED]

Mon Nov 23, 2020 5:27 am

You can't have interface as gateway, it must be the address on the other router.

If I understand it correctly and you have routed subnet, where RB has 107.x.x.X/29 on ether10 and the other router has 107.x.x.Y/29 on its WAN interface, then the gateway is 107.x.x.Y. And route's dst-address must have correct mask, most likely /24, definitely not /32.
 
botcoder
just joined
Topic Author
Posts: 8
Joined: Mon Jun 03, 2019 10:12 pm

Re: Routing between subnets (2 WAN IPs, 1 static)

Mon Nov 23, 2020 7:07 am

@Sob

Thanks, I was incorrectly setting route via interface not the actual gateway address. Yes, I do have a routed subnet.

ICMP from 192.168.88.x is hitting the 2nd PFSense router and I can see it in the live log.
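
Why the /32 route let pings for 192.168.100.x leave through the WAN, and why the /24 route with the neighbouring router's address as gateway works, shown as an added example that is not from the thread: a small longest-prefix-match lookup over the route table from the first post. The 198.51.100.x and 203.0.113.x addresses are constructed stand-ins for the masked 45.x.x.x and 107.x.x.x values, 192.168.88.0/24 is assumed to be connected on bridgelan, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses: the thread masks the real ones (45.x.x.x, 107.x.x.x).
WAN_GW = "198.51.100.1"       # stands in for the ISP default gateway
PFSENSE_WAN = "203.0.113.90"  # stands in for 107.x.x.Y on the pfSense WAN

def table(lan2_dst, lan2_gw):
    """Routes from the first post plus one static route towards 192.168.100.x.

    Each entry is (prefix, gateway address or None, connected interface or None).
    """
    return [
        ("0.0.0.0/0", WAN_GW, None),
        ("198.51.100.0/22", None, "bridgewan"),
        ("203.0.113.88/29", None, "ether10"),
        ("192.168.88.0/24", None, "bridgelan"),  # assumed connected on bridgelan
        (lan2_dst, lan2_gw, None),
    ]

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def egress(routes, dst):
    """Return (matched prefix, interface the packet leaves on)."""
    prefix, gw, iface = lookup(routes, dst)
    if iface is None:
        # A gateway must be an address that resolves through a connected route.
        _, _, iface = lookup(routes, gw)
    return prefix, iface

if __name__ == "__main__":
    host = "192.168.100.10"  # constructed host on the pfSense LAN
    for dst_prefix in ("192.168.100.0/32", "192.168.100.0/24"):
        routes = table(dst_prefix, PFSENSE_WAN)
        print(dst_prefix, "->", egress(routes, host))
```

With the /32 route only the single address 192.168.100.0 matches, so every real host on that LAN falls through to the default route and its traffic is handed to the ISP side.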
