Community discussions

MikroTik App
 
MABP
just joined
Topic Author
Posts: 4
Joined: Thu Oct 14, 2021 4:07 pm

Routing betwin too interface

Thu Oct 14, 2021 4:47 pm

Hi everyone
I have the following situation
Router hapAC2 6.47.10
At the First interface I have a network 192.168.1.0/24 (the ip address pool is from 192.168.1.10-192.168.1.99), and in this network I have a server with an ip address of 192.168.1.100
On the second interface, I have only one client with the IP address 192.168.1.101
They NOT bridged

How can I tell the router "if you receive a packet for ip 192.168.1.100 on the second interface - put this packet on the first interface and vice versa"?
Which tool should be used to transfer packets from one port of the router to another port of the router, based on - IP address. Preferably without changing the sender's IP address?
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing betwin too interface

Fri Oct 15, 2021 11:31 pm

This normally works automatically if different subnets are attached to each interface. So if you assign e.g. 192.168.1.1/25 to the first interface, and 192.168.1.129/25 to the second one, and give the host connected to the second interface an address like 192.168.1.130/25 instead of 192.168.1.101/? it currently has, it will work (unless firewall rules say "do not forward traffic between 192.168.1.0/25 and 192.168.1.128/25).
 
MABP
just joined
Topic Author
Posts: 4
Joined: Thu Oct 14, 2021 4:07 pm

Re: Routing betwin too interface

Sun Oct 17, 2021 4:17 pm

This normally works automatically if different subnets are attached to each interface. So if you assign e.g. 192.168.1.1/25 to the first interface, and 192.168.1.129/25 to the second one, and give the host connected to the second interface an address like 192.168.1.130/25 instead of 192.168.1.101/? it currently has, it will work (unless firewall rules say "do not forward traffic between 192.168.1.0/25 and 192.168.1.128/25).
Big thanks for you answer,
yes - it will be works, and i find another way - its turn up "proxy-arp" on bridge
but all of this instrument - it's have low level usability for my task (proxy-arp - i can't control packages between interface, make are different networks (divide /24 by 2 network at /25) - in my situation not good idea because i can't control and some times i can't write are routes on end point devices).
I thought there was a simple tool at mikrotik that allows you to simply shift packages by some attribute
 
kryztoval
newbie
Posts: 27
Joined: Tue Sep 07, 2021 10:46 pm

Re: Routing betwin too interface

Sun Oct 17, 2021 11:24 pm

Technically you can't do this. You can't "route" between different ip addresses in the same subnet (or domain or whatever)

If you have different subnets you can do a destination-nat where you substitute the address. since this is done in the firewall you keep total control on the packets that can go thru that.

Say you want devices on the network 192.168.1.0/24 be able to access a device on 192.168.1.101 for port1
and in port2 you have the server machine that is on ip 192.168.0.101, not bridged no routing no proxy.

Then you add /ip firewall nat add chain=dstnat dst-address=192.168.1.101 action=dst-nat to-address=192.168.0.101

It basically captures all packets to 1.101 and nats it to 0.101
 
MABP
just joined
Topic Author
Posts: 4
Joined: Thu Oct 14, 2021 4:07 pm

Re: Routing betwin too interface

Tue Oct 19, 2021 12:41 pm

Technically you can't do this. You can't "route" between different ip addresses in the same subnet (or domain or whatever)

If you have different subnets you can do a destination-nat where you substitute the address. since this is done in the firewall you keep total control on the packets that can go thru that.

Say you want devices on the network 192.168.1.0/24 be able to access a device on 192.168.1.101 for port1
and in port2 you have the server machine that is on ip 192.168.0.101, not bridged no routing no proxy.

Then you add /ip firewall nat add chain=dstnat dst-address=192.168.1.101 action=dst-nat to-address=192.168.0.101

It basically captures all packets to 1.101 and nats it to 0.101
Thanks for you answer
yes - i understand that i can't do routing between "similar" IP address in one subnet - its routing works on 3 level model OSI
but i think that have any tool that allow "take one packet fome First interface and put this packet on Second interface, by some attribute", in my imagination it's tool must work on 2 level OSI with reading some parameters from package

Yes in classic routing scheme i must give are different subnet for different hosts and make are routing by firewall rules, but it's amazing to me that on a router I can't do simpler things than IP routing, just shifting packets between two interface
 
sindy
Forum Guru
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Routing betwin too interface

Tue Oct 19, 2021 1:11 pm

It should not surprise you that a thing called "router" is primarily designed for routing :)

It should be possible to do it your complicated way if you really need so. Assuming that the "main" 192.168.1.0/24 is attached to ether3 and the "client-only" 192.168.1.0/24" is attached to ether4, you can add two more routing tables, each with a single default route:

/ip route
add routing-mark=via-ether3 gateway=ether3
add routing-mark=via-ether4 gateway=ether4


Then, you add routing rules to override the regular routing:
/ip route rule
add interface=ether3 dst-address=192.168.1.101 action=lookup-only-in-table table=via-ether4
add interface=ether4 src-address=192.168.1.101 action=lookup-only-in-table table=via-ether3


But you still need that the router itself responds with its own MAC address to the ARP requests coming from both the client at 192.168.1.101 and from all hosts responding to the client from the other LAN, because otherwise those devices wouldn't send their traffic to the router at all. If you enable proxy-arp, the router will likely respond to ARP requests for any address within the 192.168.1.0/24, which is not what you want, as that would interfere with communication between hosts in the same LAN. So try creating static ARP records with publish=yes, it should act as a "selective proxy-arp".
 
MABP
just joined
Topic Author
Posts: 4
Joined: Thu Oct 14, 2021 4:07 pm

Re: Routing betwin too interface  [SOLVED]

Tue Oct 19, 2021 6:18 pm

It should not surprise you that a thing called "router" is primarily designed for routing :)

It should be possible to do it your complicated way if you really need so. Assuming that the "main" 192.168.1.0/24 is attached to ether3 and the "client-only" 192.168.1.0/24" is attached to ether4, you can add two more routing tables, each with a single default route:

/ip route
add routing-mark=via-ether3 gateway=ether3
add routing-mark=via-ether4 gateway=ether4


Then, you add routing rules to override the regular routing:
/ip route rule
add interface=ether3 dst-address=192.168.1.101 action=lookup-only-in-table table=via-ether4
add interface=ether4 src-address=192.168.1.101 action=lookup-only-in-table table=via-ether3


But you still need that the router itself responds with its own MAC address to the ARP requests coming from both the client at 192.168.1.101 and from all hosts responding to the client from the other LAN, because otherwise those devices wouldn't send their traffic to the router at all. If you enable proxy-arp, the router will likely respond to ARP requests for any address within the 192.168.1.0/24, which is not what you want, as that would interfere with communication between hosts in the same LAN. So try creating static ARP records with publish=yes, it should act as a "selective proxy-arp".
Very big thanks
You answer is are brilliant - they have clear instruction and little bit close for solution that i need
Will be assume that there is no simple tool for my task, and there is no point in looking further
I will try to implement as you advised through Static ARP recording, and use scripts to dynamically add new connected clients to ARP recording

Who is online

Users browsing this forum: No registered users and 34 guests