karnasw
just joined
Topic Author
Posts: 22
Joined: Thu Aug 22, 2019 4:07 pm
Location: Poland

Connect Mikrotik to other router with WLAN for access to printer

Wed Mar 29, 2023 10:41 am

Hi, I have two separate networks with ISPs. On my Mikrotik I have a network with address 192.168.162.0/24; on the second network is OpenWrt with address 192.168.77.0/24. I connected a printer to the second network, which I want to access from my Mikrotik network. Is it possible to connect from the Mikrotik to OpenWrt, get access to that network, and not lose the possibility of ap bridge on the Mikrotik?

More details:
The Mikrotik router's IP is 192.168.162.1, the OpenWrt router's IP is 192.168.77.1 and it has WLAN in AP mode. Both have internet on the WAN port and both have DHCP servers. The printer has IP 192.168.77.200.
Diagram:
MikrotikToPrinter1.png
Mikrotik config:
# mar/29/2023 21:06:55 by RouterOS 7.8
# software id = JDS9-ZLIT
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXXXXXX
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=poland disabled=no installation=indoor mode=ap-bridge ssid=KRS
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=poland disabled=no installation=indoor mode=\
    ap-bridge ssid=KRS wps-mode=disabled
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
    name=Hotspot supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=huawei \
    supplicant-identity=""
/ip pool
add name=dhcp ranges=192.168.162.100-192.168.162.255
/ip dhcp-server
add address-pool=dhcp interface=bridge1 lease-time=1h name=dhcp
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2
add bridge=bridge1 ingress-filtering=no interface=ether3
add bridge=bridge1 ingress-filtering=no interface=ether4
add bridge=bridge1 ingress-filtering=no interface=ether5
add bridge=bridge1 ingress-filtering=no interface=wlan1
add bridge=bridge1 interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\
    LAN wan-interface-list=WAN
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1 certificate=*2 cipher=aes256-cbc default-profile=openvpn \
    enabled=yes require-client-certificate=yes
/interface wireguard peers
add allowed-address=10.0.0.2/32 interface=wireguard1 public-key=\
    ""
add allowed-address=10.0.0.3/32 interface=wireguard1 public-key=\
    ""
/ip address
add address=192.168.162.1/24 interface=ether2 network=192.168.162.0
add address=192.168.8.2/24 disabled=yes interface=ether1 network=192.168.8.0
add address=10.0.0.1/24 interface=wireguard1 network=10.0.0.0
/ip dhcp-client
add interface=ether1
add disabled=yes interface=wlan2
/ip dhcp-server lease
/ip dhcp-server network
add address=192.168.162.0/24 dns-server=192.168.162.1 gateway=192.168.162.1 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.162.10 name=raspberrypi.karnas
add address=192.168.162.1 name=routeros.karnas
add address=192.168.162.105 name=lgtv.karnas
add address=192.168.162.11 name=pihole.karnas
/ip firewall address-list
add address=192.168.162.2-192.168.162.254 list=allowed_to_router
add address=192.168.8.1-192.168.8.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
add address=XXX.XXX.XXX.XXX list=WAN
add address=192.168.162.0/24 list=LAN
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment=\
    "defconf: drop all not coming from LAN - OFF" disabled=yes \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="drop input - OFF" disabled=yes
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP - OFF" disabled=yes \
    in-interface=ether1 log=yes log-prefix=!public src-address-list=\
    not_in_internet
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=drop chain=icmp comment="deny all other types"
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Pi Server" dst-address=\
    XXX.XXX.XXX.XXX dst-port=80,443 protocol=tcp to-addresses=192.168.162.10
add action=dst-nat chain=dstnat comment="SSH Raspberry Pi" dst-address=\
    XXX.XXX.XXX.XXX dst-port=16222 protocol=tcp to-addresses=192.168.162.10 \
    to-ports=22
add action=masquerade chain=srcnat comment="NAT Loopback" dst-address=\
    192.168.162.10 out-interface=bridge1 protocol=tcp src-address=\
    192.168.162.0/24
add action=dst-nat chain=dstnat comment="Supla App Pi Docker" dst-address=\
    XXX.XXX.XXX.XXX dst-port=2015,2016 protocol=tcp to-addresses=\
    192.168.162.10
add action=dst-nat chain=dstnat comment="Moonlight Internet Stream" \
    dst-address=XXX.XXX.XXX.XXX dst-port=47984,47989,48010 protocol=tcp \
    to-addresses=192.168.162.100
add action=dst-nat chain=dstnat comment="Moonlight Internet Stream" \
    dst-address=XXX.XXX.XXX.XXX dst-port=47998,47999,48000,48002,48010 \
    protocol=udp to-addresses=192.168.162.100
add action=dst-nat chain=dstnat comment="COD Warzone" dst-address-list=WAN \
    dst-port=3074,27014-27050 protocol=tcp to-addresses=192.168.162.100
add action=dst-nat chain=dstnat dst-address-list=WAN dst-port=\
    3074,3478,4379-4380,27000-27031,27036 protocol=udp to-addresses=\
    192.168.162.100
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.8.1 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=1622
set api disabled=yes
set api-ssl disabled=yes
/ppp profile
add dns-server=172.31.88.1 local-address=10.0.0.1 name=openvpn \
    remote-address=*2 use-encryption=required
/ppp secret
add name=user profile=openvpn service=ovpn
/system clock
set time-zone-name=Europe/Warsaw
/system script
add dont-require-permissions=no name=WakeOnLan_MSI-B660-KRS owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="tool wol interface=ether3 mac=XXXXXXXXXXXXXXXXX"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Last edited by karnasw on Wed Mar 29, 2023 10:15 pm, edited 3 times in total.
 
Ca6ko
Member
Posts: 498
Joined: Wed May 04, 2022 10:59 pm
Location: Kharkiv, Ukraine

Re: Connect Mikrotik to other router with WLAN for access to printer

Wed Mar 29, 2023 11:35 am

 
karnasw
just joined
Topic Author
Posts: 22
Joined: Thu Aug 22, 2019 4:07 pm
Location: Poland

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 12:02 am

Added more info.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 12:42 am

Good day.............
It looks like both of your routers do not have public IP so that's not a good start.
Can you access the ISP modem on the open wrt router side and forward ports to the openwrt router from the ISP router?

As for the MT behind the LTE device, can you get a custom APN for a private IP or are you stuck with a cgnat useless WANIP?
 
karnasw
just joined
Topic Author
Posts: 22
Joined: Thu Aug 22, 2019 4:07 pm
Location: Poland

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 10:57 am

Hi, I didn't add public IP information because I think it's not important in this case (both routers have public external IP). I want only to add network from OpenWrt router to Mikrotik to have access to printer, I can do that by WLAN, but don't know how to do that. Probably I have to use VLAN.
 
holvoetn
Forum Guru
Posts: 5325
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 12:28 pm

Requirements are not clear.
Why is WLAN being mentioned all the time? That's wifi??

2 separate networks, that I see.
How come the IP address of the printer is in a totally different subnet than the OpenWRT box? Something is missing on the drawing.

Left one having public IP, right one behind CGNAT, yes?
You want to print from computer on the right to printer on the left, yes?
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 1:52 pm

I suspect same building diff apartment because he said they can connect via WLAN.............
 
holvoetn
Forum Guru
Posts: 5325
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 2:04 pm

If it's indeed like that (= both ends under own control), connect via WLAN (but not sure how OpenWRT is going to do the bridging, not my cup of tea).
Otherwise VPN (pick any, preference for ZTC-package yet to be created and distributed)
Last edited by holvoetn on Thu Mar 30, 2023 2:34 pm, edited 1 time in total.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Connect Mikrotik to other router with WLAN for access to printer

Thu Mar 30, 2023 2:29 pm

May not be the case, think two apartments where one chap has a printer and is willing to share it with a neighbour.
If WLAN is possible, just share the printer via WLAN and be done with it, yes, it's confusing.
