Hi,
I currently have a "network 1" with subnet 10.0.0.1/24 with DSL (and active DHCP that can't be turned off), a bridged router and some devices. However, this network is not always powered on.
Now I additionally got an LTE-Router (with its own DHCP and VPN capability) and want to use it so that device 1 is always connected to the internet (in network 2 with subnet 192.168.0.1/24). However, currently I only have a very limited LTE data plan, so I just want device 1 to be connected to the LTE internet and the rest should use the DSL internet if it is available (maybe sometime in the future I will completely switch to LTE).
If I connect from outside to the VPN of the LTE-Router, I want to access all devices in the 192.168.0.1/24 subnet (e.g. device 2).
Connected to the managed switch there will also be an access point which provides WiFi (the internet should be used from the DSL-router).
Both subnets should be reachable from each other (e.g. device 2 can reach device 5 and the reverse).
Therefore I thought about putting a MikroTik router between network 1 and network 2 and maybe adding a static route for it so both networks can reach each other.
In the access point I would then add a static IP (with the gateway from the DSL-Router) so the internet there is provided from network 1.
What I did was the following:
I bought a Mikrotik hAP lite, used the "home AP"-quickset as a starting point and removed ether3 and ether4 from the bridge (in bridge-ports) and instead added in interface->interface-list 2 interfaces for ether3 and ether4.
Under IP->addresses I then added 2 static IPs for both interfaces ether3 (192.168.0.10) and ether4 (10.0.0.10).
Additionally, I also added a static route on both DSL-Routers for the other network.
However, I also searched the forum and added some firewall rules, but I am still not able to ping devices from network 1 while in network 2 and the reverse.
Below are some configuration outputs:
/ip address print
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether2
1 10.0.0.10/24 10.0.0.0 ether4
2 192.168.0.10/24 192.168.0.0 ether3
/ip route print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADC 10.0.0.0/24 10.0.0.10 ether4 0
1 ADC 192.168.0.0/24 192.168.0.10 ether3 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge 0
/ip firewall filter print
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
5 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
6 ;;; defconf: accept out ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec
7 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
8 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
9 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
10 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
11 chain=forward action=accept src-address=192.168.0.0/24 dst-address=10.0.0.0/24 in-interface=ether3 out-interface=ether4 log=yes
12 chain=forward action=accept src-address=10.0.0.0/24 dst-address=192.168.0.0/24 in-interface=ether4 out-interface=ether3 log=yes
/ip firewall nat print
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
1 ;;; to allow ping to subnet
chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=ether3 log=no log-prefix=""
2 ;;; to allow ping to other subnet
chain=srcnat action=masquerade src-address=10.0.0.0/24 out-interface=ether4 log=no log-prefix=""
Can someone help me find out what might be the issue in the configuration of the MikroTik router?