Hi all,

First, I know this is an unusual setup, sorry for this.

In the base configuration (Router 1), I have one Ethernet port and wlan2 on a bridge. Two further Ethernet ports in different subnets. So the Router 1 addresses are 192.168.197.1 (subnet 2), .198.1 (subnet 3), .199.1 (bridge).



"All" I want to do is a plug & play solution (both variants shall work), where any traffic is routed (wireless) to another router 2, that hosts basically the same configuration/subnets.

So on Router 1, I configured a static route to 0.0.0.0/0 to Router 2 and all traffic - if the default route (distance 0) is not active - is routed via this static route. All fine.

However, in the other direction I am missing a (maybe small) thing: From Router 2, I cannot access Router 1 (.197.1), as the default route (distance 0) is active, but I need a custom route. The default route cannot be deleted or distance changed. How can I route the traffic to Router 1?

Thank you,
Daniel

Routes are chosen up to "best match", so if there are two routes, 192.0.0.0/8 and 192.168.0.0/16, a packet to 192.168.x.y will use the latter even through its destination address matches both of them. A packet to 192.a.b.c where a != 168 will use the former.

In another words - in your scenario, you don't need to delete the default route, it is enough to add the one you need.

But maybe I have completely misunderstood what you actually want.

But maybe I have completely misunderstood what you actually want.

You are not alone

Thank you for the hint sindy (also thanks to rextended for digging into), this is in fact what I was looking for. Quote from IP/Route docs:

If there are several routes that apply to a particular IP address, the most specific one (with largest netmask) is used. This operation (finding the most specific route that matches given address) is called routing table lookup.

Previously, I set the route with same netmask and thus the distance 0 of the default route was always preferred. So to say a case of RTFM
So the solution for my (obviously confusing) question is to configure a more specific route to 192.168.197.1/32 on Router 2, instead of 192.168.197.0/24.



Router 1 can now be reached from Router 2 (WinBox Terminal) with 197.1, however, I cannot reach 197.1 from subnet 2 clients. I am lacking basic routing concepts

Would appreciate if someone can point me to what I need to look into. Goal is to reach 197.1 target from 197.10 client. It is not possible to change the client configuration. Is this a problem of masquerading?

Thank you,
Daniel

I'm risking getting called patronizing by a 3rd party again, but let me assume you lack the networking basics.

If it is sufficient that devices using a given subnet are only connected to one of the routers (let's say router 2), assign an address from that subnet only to router 2, not to router 1. There must be a subnet the two routers have in common, and the addresses in these subnets can be used as gateways for routes to the other router. Example:

Router 1:
/ip address
add address=a.a.a.1/30 interface=wlan1
/ip route
add dst-address=b.b.b.0/24 gateway=a.a.a.2

Router 2:
/ip address
add address=a.a.a.2/30 interface=wlan1
add address=b.b.b.1/24 interface=ether1
/ip route
add dst-address=0.0.0.0/0 gateway=a.a.a.1

If you need that some devices that use a given subnet are connected to Router 1 and some other devices using the same subnet are connected to Router 2, you have to use bridging, not routing. This approach is definitely not recommended as you waste bandwidth on the link between the routers by broadcast traffic, but sometimes it is necessary. If this is what you really need (your original drawing shows otherwise, the last one induces doubt), you need to set up a vlan-aware bridge at both routers and use the wireless link as a trunk connection. Details on request.

If it is sufficient that devices using a given subnet are only connected to one of the routers (let's say router 2)

Unfortunately, both setups have to work with a single configuration.

If you need that some devices that use a given subnet are connected to Router 1 and some other devices using the same subnet are connected to Router 2, you have to use bridging, not routing.

I am aware of bridges, but there are reasons why I cannot bridge the clients, one of them is that the 197.10 client must not be modified and has no gateway defined (i.e. only 197.0/24 is accessible).
To be more precise, required connections are:
- only client 197.10 needs access to router 1 (router 1 has a dst-nat to 199.10)
- only client 199.10 needs access to 197.10
With the single router setup, this is absolutely trivial, I obviously underestimated the complexity with 2 routers. Is a vlan bridge in fact needed for this? Valuable information would be if you can confirm that a single configuration can work with both setups.

Thanks for your time!

If 192.168.197.10 has no gateway configured, it cannot actively connect anywhere outside its subnet unless it connecs to devices in the same subnet that use port forwarding to deliver the request to the actual destination; it can only accept incoming connections from outside its own subnet if the router that delivers these connections uses a src-nat to make the connections look as if they come from itself.

You can bridge the VLAN that hosts 192.168.197.0/24 over the wireless link and at the same time use other VLAN(s) on that link to either bridge the other subnets or to host just the interconnection subnet, so subnet2 and subnet3 can be only on Router 2 and routed via the interconnection subnet.

So in the above sense, both setups (routed and bridged) can be used in parallel. Is it an answer to your question?

Thank you sindy for this input.

If 192.168.197.10 has no gateway configured, it cannot actively connect anywhere outside its subnet unless it connecs to devices in the same subnet that use port forwarding to deliver the request to the actual destination; it can only accept incoming connections from outside its own subnet if the router that delivers these connections uses a src-nat to make the connections look as if they come from itself.

Yes, router 1 has both a dst-nat and a masquerade for this interface.

Is it an answer to your question?

I guess so I first have to dig into VLANs before I can try this out - not sure when I will find time. Once working, I'll share the configuration for completeness.