Community discussions

MikroTik App
 
costel
just joined
Topic Author
Posts: 23
Joined: Sat May 05, 2012 6:05 pm

Static route - connect to a secondary LAN

Mon Apr 12, 2021 2:53 pm

Hello,

I have a location where is no Internet. Have to add Internet and connect to already existing LAN and offer internet to a smart TV.
So I have
- Tenda LTE Modem
- RB750Gr3 Mikrotik router

Actual configuration:
- ether1 is WAN IP 192.168.0.182 obtained via DHCP from Tenda
- ether2 to ether4 in brigde , 192.168.88.0/24 - LOCAL LAN
- ether5 IP 192.168.1.234/24 connected to existing local network

When I connect a laptop or TV to any of port 2->4 I can not ping adress from 192.168.1.0/24, only Internet

What I did:
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.1.1%ether5 pref-src=192.168.1.234 routing-mark=to_eth5
add check-gateway=ping distance=1 gateway=192.168.0.1
/ip firewall mangle
add action=mark-connection chain=input dst-address=192.168.1.0/24 new-connection-mark=eth5_conn passthrough=yes
add action=mark-routing chain=output dst-address=192.168.1.0/24 new-routing-mark=to_eth5 passthrough=yes
What I am missing ?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Static route - connect to a secondary LAN

Mon Apr 12, 2021 3:20 pm

Your case is pretty simple and there's no need to play with mangling and routing marks. Remove everything shown in your config excerpt except for the default route (add check-gateway=ping distance=1 gateway=192.168.0.1). Simply adding IP address (with correct subnet mask) to ether5 already allows routing towards that subnet.

The likely problem with lack of connectivity between 192.168.88.0/24 and 192.168.1.0/24 is different: existing LAN has to know how to reach your new subnet. There are a few possibilities how to get there:

  1. on default gateway of 192.168.1.0/24 add static route towards 192.168.88.0/24 using gateway address 192.168.1.234.
    If it doesn't work, then probably also firewall settings on said default gateway have to be adjusted. Reason is that with such setup, a routing triangle: packet from 192.168.88.x will pass RB750Gr3 and on directly to 192.168.1.y. Return packet will go from 192.168.1.z (default gateway), then to RB750Gr3 and to 192.168.88.x ... which will make default gateway of 192.168.1.0/24 see only one direction and this usually upsets stateful firewalls.
    Variant of the above is to create "routing subnet", only both routers would connect to it. Then configure routes on both routers towards other subnet using peer's IP address (in the routing subnet). This way avoids problems of routing triangle since all traffic between both subnets has to pass both routers.
  2. make static routes for 192.168.88.0/24 using gw 192.168.1.234 on all involved hosts in 192.168.1.0/24
    this will avoid routing triangle but causes lots of manual work
  3. enable SRC NAT on RB750Gr3 for traffic targeting 192.168.1.0/24.
    Everything will work without changes on any of existing LAN nodes. The gotcha is that all 192.168.88.0/24 subnet will be hidden behind RB750Gr3. Due to that connections originating from existin LAN towards 192.168.88.0/24 won't be possible.

As you see, all possibilities have some drawbacks, you'll have to decide which one to implement. Choice also depends on what can actually be done on current LAN default router.
 
costel
just joined
Topic Author
Posts: 23
Joined: Sat May 05, 2012 6:05 pm

Re: Static route - connect to a secondary LAN

Mon Apr 12, 2021 5:09 pm

Yes, the return route was the problem. As I have to access only one host from existing LAN adding the route and a firewall rule are sufficient.
Thank you for your support!

Who is online

Users browsing this forum: aoravent, Bing [Bot], loloski and 81 guests