Community discussions

MikroTik App
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

subnets

Thu Nov 25, 2021 9:14 pm

HI,
can you help me?
I have three LANs - Bridges on CRS326:

ISP on ether 1
Bridge A: 192.168.1.0/24 (2-22) CRS326
Bridge B: 192.168.2.0/24 (23 - spf1) connected with CSS326 number1
Bridge C: 192.168.3.0/24 (24-spf2) connected with CSS326 number2

On Bridge B, I have connected NAS server (Qnap)
On Bridge C, I have connected another server
I CAN ping all of them from any bridge and connect to Internet
Issue:
I can see my servers only when am I in same subnet ??
When I am connected with PC (win10) on different subnet ,then it is not working (It doesn´t connect)except ping????

Please for help and sorry for my english ;)
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: subnets

Fri Nov 26, 2021 2:46 pm

It is probably issue with firewall settings, but it's impossible to say for sure ... unless you post (anonymized) configuration. Execute command /export hide-sensitive file=anynameyouwish inside terminal window, fetch resulting file, open it in text editor, obfuscate any remaining sensitive information (e.g. public IP address or PPPoE username and password) and copy-paste it in post inside [code] [/code] environment.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: subnets

Fri Nov 26, 2021 3:09 pm

In short,
Please post your config,
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Sun Nov 28, 2021 10:42 am

Thank you for helping me;
I have been adding new test bridge 40....
Here is configuration:
/interface bridge
add name=bridge20
add name=bridge30
add name=bridge40_test
add name=bridge_Main priority=0x9000
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp ranges=192.168.10.2-192.168.10.254
add name=pool20 ranges=192.168.20.2-192.168.20.254
add name=pool30 ranges=192.168.30.2-192.168.30.254
add name=pool40 ranges=192.168.40.2-192.168.40.254
/ip dhcp-server
add address-pool=pool30 disabled=no interface=bridge30 name=dhcp3
add address-pool=pool20 disabled=no interface=bridge20 name=dhcp2
add address-pool=dhcp disabled=no interface=bridge_Main name=dhcp1
add address-pool=pool40 disabled=no interface=bridge40_test name=dhcp40_test
/interface bridge port
add bridge=bridge_Main interface=ether2
add bridge=bridge_Main disabled=yes interface=ether19
add bridge=bridge_Main interface=ether4
add bridge=bridge_Main interface=ether5
add bridge=bridge_Main interface=ether6
add bridge=bridge_Main interface=ether7
add bridge=bridge_Main interface=ether8
add bridge=bridge_Main interface=ether9
add bridge=bridge_Main interface=ether10
add bridge=bridge_Main interface=ether11
add bridge=bridge_Main interface=ether13
add bridge=bridge_Main interface=ether14
add bridge=bridge_Main interface=ether15
add bridge=bridge_Main interface=ether16
add bridge=bridge_Main interface=ether17
add bridge=bridge_Main interface=ether18
add bridge=bridge_Main disabled=yes interface=ether20
add bridge=bridge_Main interface=ether3
add bridge=bridge_Main interface=ether21
add bridge=bridge_Main interface=ether22
add bridge=bridge20 interface=ether23
add bridge=bridge30 interface=ether24
add bridge=bridge20 interface=sfp-sfpplus1
add bridge=bridge30 interface=sfp-sfpplus2
add bridge=bridge40_test interface=ether19
add bridge=bridge40_test interface=ether20
/interface list member
add interface=ether1 list=WAN
add interface=bridge_Main list=LAN
add interface=bridge30 list=LAN
add interface=bridge20 list=LAN
/ip address
add address=192.168.10.1/24 interface=bridge_Main network=192.168.10.0
add address=192.168.20.1/24 interface=bridge20 network=192.168.20.0
add address=192.168.30.1/24 interface=bridge30 network=192.168.30.0
add address=192.168.40.1/24 interface=bridge40_test network=192.168.40.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=8.8.8.8 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
add address=192.168.30.0/24 dns-server=8.8.8.8 gateway=192.168.30.1
add address=192.168.40.0/24 dns-server=8.8.8.8 gateway=192.168.40.1
/ip dns
set servers=8.8.8.8
/ip firewall address-list
add address=192.168.10.0/24 comment=main_bridge list=moji_LANi
add address=192.168.20.0/24 comment=bridge20 list=moji_LANi
add address=192.168.30.0/24 comment=bridge30 list=moji_LANi
add address=192.168.40.0/24 comment=bridge40_test list=moji_LANi
/ip firewall filter
add action=accept chain=input src-address-list=moji_LANi
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip kid-control device
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: subnets

Sun Nov 28, 2021 6:07 pm

Okay so the switch is also a router and you are using bridges to dish subnets to sets of ports vice using VLANs.
Four bridges
Four pools
Four dhcp servers.
so far so good.

(1) Why is bridge test NOT part of the LAN interface group??

(2) if this is acting as a router why dont you have any firewall rules??
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Mon Nov 29, 2021 10:22 am

Yes, I forgot to assign bridge40 test - but it is not matter because important bridges are main, 20 and 30...;)
About firewall - I am testing without any rules to resolute issue.
Do I need forward port 443 for traffic between subnets?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: subnets

Mon Nov 29, 2021 3:16 pm

Sorry if you are connected to the internet without any rules I will not help further.
The default firewall rules are safe and do not stop any connectivity (do not cause issuesa) and by removing them you have no security.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: subnets

Mon Nov 29, 2021 9:06 pm

If there's no firewall on router, then it's certainly not blocking access between your subnets. It could be the other devices, maybe their firewalls don't like access from other than their local subnet.
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Wed Dec 01, 2021 8:48 am

Thanks....I think "Sob" are right......
I would like to have NAS on different subnet.....but I am afraid it is not solution to do this.
When I connected in same subnet with PCs it works fine......but......:(
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: subnets

Wed Dec 01, 2021 9:18 am

I can see my servers only when am I in same subnet ??

All these sorts of "discovery" mechanisms are design to only work WITHIN THE SAME LAN / IP-SUBNET !!
So it might be very normal certain devices don't automagically "show" up if your main PC is sitting in another subnet.

The bottom line, can you connect manually ? Eg on your PC on 192.168.1.x can you for example reach a QNAP managemt interface on https://192.168.2.x
Can you for example RDP to a server in 192.168.3.x
What applications / ports / services are you tryingg to use across the different subnets ?
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Wed Dec 01, 2021 9:18 pm

Yes,
I can connected to WEB management QNAP(static address) on different subnet, but I cant find server over Qfinder (asked on QNAP forum-they told me no-go).
Also I have another server bOS Configurator (static address) for smart living house configure.....but I can not connected to server, only on WEB Client!
They told me that I need to open 443 port.
Do I need top open specially on FW?

BR
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: subnets

Wed Dec 01, 2021 11:03 pm

No firewall = everything is open (it's btw good idea to fix that). And port 443 is usually used by https, so web. Seems unusual that if would be used for some kind of autodiscovery.
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Thu Dec 02, 2021 9:15 pm

Yes, server address is https://192.168.40.x/
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Thu Dec 02, 2021 10:25 pm

and also port 16100
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: subnets

Thu Dec 02, 2021 10:55 pm

I'm not sure what useful info I can add. Firewall in RouterOS allow everything by default (when it's blank), so anything you don't block can pass through. Different subnets may be problem, because manufacturers of other devices may not support that scenario. In some cases you may be able to live without their tools.

For example file sharing with NAS between subnets is no problem, you just won't be able to discover it automatically, but you can access it by IP address, or configured hostname (either locally or on router). Either make a shortcut for it, or map network drive, you do it once and it's there. Configuration should also be no problems, NASes usually have web interface, which you again can access using IP address.

With something else it may be more problematic. If the only way to control something is proprietary tool that simply doesn't support devices in other subnets, you may be out of luck there.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: subnets

Fri Dec 03, 2021 9:39 am

In addition to what @sob mentioned: since security became high-profile stuff lately, quite some gadgets won't allow connections (either management only or even service) from IP addresses outside device's own IP subnet. So check settings to see if some sort of firewall on device blocks such connections.
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Fri Dec 03, 2021 4:16 pm

ok, how to open or forward port
-example: 16100 from 192.168.10.x to 192.168.20.x?
Is it possible to check in Winbox which ports are open?
Thank you
BR
 
otorenik
just joined
Topic Author
Posts: 10
Joined: Thu Nov 18, 2021 9:16 pm

Re: subnets

Fri Dec 03, 2021 4:46 pm

Also this server using multicast. Is it here maybe issue?
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: subnets

Fri Dec 03, 2021 5:57 pm

Yes, only unicast traffic is routed unless you install and configure the multicast package.
 
spynappels
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland
Contact:

Re: subnets

Fri Dec 03, 2021 8:35 pm

ok, how to open or forward port
-example: 16100 from 192.168.10.x to 192.168.20.x?
Is it possible to check in Winbox which ports are open?
Thank you
BR
Ports are open between LAN subnets unless explicitly blocked using the firewall.

Who is online

Users browsing this forum: Bing [Bot], hatred, jharig, Nospam and 46 guests