tom4365
just joined
Topic Author
Posts: 2
Joined: Fri Apr 02, 2021 12:01 am

How to connect 2 networks

Fri Apr 02, 2021 9:48 pm

Hi,
I currently have a "network 1" with subnet 10.0.0.1/24 with DSL (and active DHCP that can't be turned off), a bridged router and some devices. However, this network is not always powered on.
Now I additionally got an LTE-Router (with its own DHCP and VPN capability) and want to use it so that device 1 is always connected to the internet (in network 2 with subnet 192.168.0.1/24). However, currently I only have a very limited LTE data plan, so I just want device 1 to be connected to the LTE internet and the rest should use the DSL internet if it is available (maybe sometime in the future I will completely switch to LTE).

If I connect from outside to the VPN of the LTE-Router, I want to access all devices in the 192.168.0.1/24 subnet (e.g. device 2).
Connected to the managed switch there will also be an access point which provides WiFi (the internet should be used from the DSL-Router).
Both subnets should be reachable from each other (e.g. device 2 can reach device 5 and the reverse).
Therefore I thought about putting a MikroTik router between network 1 and network 2 and maybe adding a static route for it so both networks can reach each other.
In the access point I would then add a static IP (with the gateway from the DSL-Router) so the internet there is provided from network 1.

What I did was the following:
I bought a MikroTik hAP lite, used the "home AP" quickset as a starting point, removed ether3 and ether4 from the bridge (in bridge-ports) and instead added 2 interfaces for ether3 and ether4 in interface->interface-list.
Under IP->addresses I then added 2 static IPs for both interfaces: ether3 (192.168.0.10) and ether4 (10.0.0.10).

Additionally, I also added a static route on both DSL-Routers for the other network.

However, I also searched the forum and added some firewall rules, but I am still not able to ping devices from network 1 while in network 2 and the reverse.
Below are some configuration outputs:

/ip address print
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 ether2
1 10.0.0.10/24 10.0.0.0 ether4
2 192.168.0.10/24 192.168.0.0 ether3

/ip route print
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADC 10.0.0.0/24 10.0.0.10 ether4 0
1 ADC 192.168.0.0/24 192.168.0.10 ether3 0
2 ADC 192.168.88.0/24 192.168.88.1 bridge 0

/ip firewall filter print
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked log=no log-prefix=""
2 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
5 ;;; defconf: accept in ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=in,ipsec
6 ;;; defconf: accept out ipsec policy
chain=forward action=accept log=no log-prefix="" ipsec-policy=out,ipsec
7 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix=""
8 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked log=no log-prefix=""
9 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
10 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
11 chain=forward action=accept src-address=192.168.0.0/24 dst-address=10.0.0.0/24 in-interface=ether3 out-interface=ether4 log=yes
12 chain=forward action=accept src-address=10.0.0.0/24 dst-address=192.168.0.0/24 in-interface=ether4 out-interface=ether3 log=yes

/ip firewall nat print
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
1 ;;; to allow ping to subnet
chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=ether3 log=no log-prefix=""
2 ;;; to allow ping to other subnet
chain=srcnat action=masquerade src-address=10.0.0.0/24 out-interface=ether4 log=no log-prefix=""

Can someone help me find what might be the issue in the configuration of the MikroTik router?
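
An added example, not part of the original post: a small first-match evaluator that checks which of the posted srcnat rules a routed flow between the two subnets would hit. The rules and routes are transcribed from the outputs above; the host addresses are constructed, and WAN list membership is an assumption because the post does not show it.

```python
import ipaddress

# srcnat rules 0-2 transcribed from the posted "/ip firewall nat print" output.
# The ipsec-policy matcher on rule 0 is not modelled here.
NAT_RULES = [
    {"id": 0, "out_interface_list": "WAN"},
    {"id": 1, "src_address": "192.168.0.0/24", "out_interface": "ether3"},
    {"id": 2, "src_address": "10.0.0.0/24", "out_interface": "ether4"},
]

# Connected routes transcribed from the posted "/ip route print" output.
ROUTES = {
    "10.0.0.0/24": "ether4",
    "192.168.0.0/24": "ether3",
    "192.168.88.0/24": "bridge",
}

# ASSUMPTION: interface-list membership is not shown in the post;
# this models the usual defconf layout where only ether1 is in WAN.
INTERFACE_LISTS = {"WAN": {"ether1"}}


def egress_interface(dst):
    """Longest-prefix match of dst against the connected routes."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), iface)
            for net, iface in ROUTES.items()
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def matching_srcnat_rule(src, dst):
    """Return the id of the first srcnat rule matching the flow, or None."""
    out_if = egress_interface(dst)
    if out_if is None:
        return None
    src_ip = ipaddress.ip_address(src)
    for rule in NAT_RULES:
        if "src_address" in rule and \
                src_ip not in ipaddress.ip_network(rule["src_address"]):
            continue
        if "out_interface" in rule and rule["out_interface"] != out_if:
            continue
        members = INTERFACE_LISTS.get(rule.get("out_interface_list"), set())
        if "out_interface_list" in rule and out_if not in members:
            continue
        return rule["id"]
    return None
```

Under these assumptions neither custom masquerade rule matches traffic crossing between 192.168.0.0/24 and 10.0.0.0/24, because each rule pairs a source subnet with that subnet's own interface as the outgoing interface.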