I'm sure it's been posted many times in the forums, and I've been reading to try and find it, but I just can't and I'm running out of time, so I regretfully ask something that's probably been answered before.
I have two subnets on one router, separated due to location, not due to permissions or security. (I know, why not just use a larger subnet and have all of them, shame on me)
I am unable to connect to shared Windows drives from the other subnet, and I am also unable to ping by hostname. I currently only have access to one of the two sides.
I just want to verify whether I made a mistake in my router configuration. I would appreciate any assistance or recommendations.
I'm trying to learn this, but for this one I'm on a deadline.
# Defines the three bridges used by the rest of the export: bridge-lan (fixed admin MAC,
# proxy ARP enabled), bridge-tlan and bridge-wan.
# NOTE(review): arp=proxy-arp makes the router answer ARP requests on bridge-lan on behalf
# of other addresses. That is normally only wanted when remote/VPN clients are handed
# addresses out of the LAN range - confirm it is actually needed here.
/interface bridge
add admin-mac=4C:5E:0C:C0:90:37 arp=proxy-arp auto-mac=no fast-forward=no mtu=1500 name=bridge-lan
add name=bridge-tlan
add name=bridge-wan
# Physical port settings: ether1 is renamed ether1-gateway, ether1-5 get speed=100Mbps,
# ether9 is labelled TLAN, and ether6-8, ether10 and sfp1 are administratively disabled.
# Keeping unused ports disabled limits where an unknown device can be plugged in.
# NOTE(review): sfp1 is disabled here but is still a member of bridge-lan in the
# /interface bridge port section, so enabling it later puts it straight onto the LAN.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=TLAN
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=sfp1 ] disabled=yes
# Sets vlan-mode=fallback on switch-chip port entries 6, 7, 8, 10 and 12.
# NOTE(review): the export addresses these ports by index only; which physical ports they
# are, and whether any VLAN table exists, is not visible here - verify on the device.
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
# Creates the interface list "LAN" (its members are added in /interface list member).
/interface list
add name=LAN
# Default wireless security profile; only the supplicant identity is set here.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# DHCP option 43 named "Unifi". The value reads as 01 (type) 04 (length) followed by the
# four bytes 40 BA 0A 16, i.e. the IPv4 address 64.186.10.22 - presumably the UniFi
# controller. Both DHCP networks reference this option, so every DHCP client on either
# subnet is pointed at that address; confirm it is the intended controller.
/ip dhcp-server option
add code=43 name=Unifi value=0x010440BA0A16
# IKE (phase 1) profile hgh-conv: DH group modp2048, AES-256, SHA-256.
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=hgh-conv
# Phase 2 proposals. The default proposal is limited to aes-256-cbc/aes-128-cbc; the
# hgh-conv proposal uses aes-256-cbc with sha256 and PFS group modp2048.
# NOTE(review): auth-algorithms is not shown for the default proposal, so it keeps the
# RouterOS default - check that it is not left at sha1 if the default proposal is in use.
# NOTE(review): no /ip ipsec peer, identity or policy entries appear in this export, so
# where these settings are applied cannot be seen from here.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=hgh-conv pfs-group=modp2048
# Address pools: "dhcp" for 192.168.55.0/24 and "highnorth" for 192.168.88.0/24.
/ip pool
add name=dhcp ranges=192.168.55.50-192.168.55.254
add name=highnorth ranges=192.168.88.10-192.168.88.200
# One DHCP server per bridge: dhcp-lan on bridge-lan (1 day leases) and dhcp-highnorth
# on bridge-tlan (1 hour leases).
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-lan lease-time=1d name=dhcp-lan
add address-pool=highnorth disabled=no interface=bridge-tlan lease-time=1h name=dhcp-highnorth
# Bridge membership: ether2, ether4, ether5 and sfp1 form bridge-lan; ether1-gateway and
# ether3 form bridge-wan; ether9 is the only port of bridge-tlan.
# NOTE(review): ether3 is bridged with the WAN uplink, so whatever is plugged into ether3
# sits on the upstream (untrusted) side of the firewall, not on the LAN - confirm this is
# intended.
/interface bridge port
add bridge=bridge-lan hw=no interface=ether2
add bridge=bridge-lan hw=no interface=ether4
add bridge=bridge-lan hw=no interface=ether5
add bridge=bridge-lan hw=no interface=sfp1
add bridge=bridge-wan interface=ether1-gateway
add bridge=bridge-wan hw=no interface=ether3
add bridge=bridge-tlan interface=ether9
# Both internal bridges are placed in the interface list "LAN".
/interface list member
add interface=bridge-tlan list=LAN
add interface=bridge-lan list=LAN
# Router addresses for the two subnets.
# NOTE(review): 192.168.55.1/24 is bound to ether2, but ether2 is a port of bridge-lan and
# the DHCP server for this subnet listens on bridge-lan. An address on a bridge member
# port is a common RouterOS misconfiguration; the address normally belongs on the bridge
# itself (interface=bridge-lan), as is already done for bridge-tlan below. Worth checking
# first when traffic between the subnets behaves inconsistently.
/ip address
add address=192.168.55.1/24 comment="default configuration" interface=ether2 network=192.168.55.0
add address=192.168.88.1/24 interface=bridge-tlan network=192.168.88.0
# Enables MikroTik cloud DDNS, which publishes the router's public address under a
# cloud DNS name.
/ip cloud
set ddns-enabled=yes
# The WAN side obtains its address by DHCP on bridge-wan.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=bridge-wan
# Static DHCP leases: three on dhcp-lan (one labelled "Grandstream PBX") and two on
# dhcp-highnorth.
/ip dhcp-server lease
add address=192.168.55.73 client-id=1:54:e1:40:61:63:c7 mac-address=54:E1:40:61:63:C7 server=dhcp-lan
add address=192.168.55.74 client-id=1:54:e1:40:61:67:47 mac-address=54:E1:40:61:67:47 server=dhcp-lan
add address=192.168.55.5 client-id=1:c0:74:ad:7d:b5:2a comment="Grandstream PBX" mac-address=C0:74:AD:7D:B5:2A server=dhcp-lan
add address=192.168.88.127 client-id=1:e0:9d:31:e0:96:e7 mac-address=E0:9D:31:E0:96:E7 server=dhcp-highnorth
add address=192.168.88.252 client-id=1:78:8a:20:7f:f0:18 mac-address=78:8A:20:7F:F0:18 server=dhcp-highnorth
# Per-subnet DHCP parameters: each subnet gets its own router address as gateway, both
# router addresses as DNS servers, and the "Unifi" option 43.
# NOTE(review): no DNS domain or WINS server is handed out. Broadcast-based Windows name
# resolution does not cross a routed boundary, so resolving hosts on the other subnet by
# name needs DNS records (or WINS) - likely related to the "ping by hostname" symptom.
/ip dhcp-server network
add address=192.168.55.0/24 comment="default configuration" dhcp-option=Unifi dns-server=192.168.55.1,192.168.88.1 gateway=192.168.55.1 netmask=24
add address=192.168.88.0/24 dhcp-option=Unifi dns-server=192.168.88.1,192.168.55.1 gateway=192.168.88.1 netmask=24
# The router answers DNS queries from clients (allow-remote-requests=yes).
# NOTE(review): the only thing keeping this resolver off the Internet side is the input
# rule that drops traffic arriving on bridge-wan; keep that rule in place, or DNS becomes
# reachable from the WAN.
/ip dns
set allow-remote-requests=yes
# Address list "not_in_internet" with two entries.
# NOTE(review): no filter or NAT rule in this export references this list, so as shown it
# has no effect.
/ip firewall address-list
add address=0.0.0.0/8 comment="Comment=RFC6890" list=not_in_internet
add address=192.168.0.0/16 comment="Comment=RFC6890" list=not_in_internet
# Filter rules are evaluated top to bottom per chain; order matters.
/ip firewall filter
# --- input chain (traffic addressed to the router itself) ---
# ICMP and established/related connections are accepted from any interface.
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established
add action=accept chain=input comment="default configuration" connection-state=related
# IKE (500), L2TP (1701) and NAT-T (4500) plus ESP are accepted from the WAN.
# NOTE(review): UDP 1701 is accepted here whether or not the packet arrived inside IPsec.
# If L2TP is only meant to run over IPsec, 1701 can be moved to its own rule carrying the
# ipsec-policy=in,ipsec matcher so plain L2TP from the Internet is not accepted.
add action=accept chain=input dst-port=500,1701,4500 in-interface=bridge-wan protocol=udp
add action=accept chain=input in-interface=bridge-wan protocol=ipsec-esp
# Accepts all input from interfaces in the list "dynamic" - presumably dynamically created
# tunnel interfaces such as VPN clients; confirm that full access to the router is intended.
add action=accept chain=input in-interface-list=dynamic
# Everything else arriving on bridge-wan is dropped. Input from all other interfaces falls
# through to the default accept.
add action=drop chain=input comment="default configuration" in-interface=bridge-wan
# --- forward chain (traffic routed through the router) ---
add action=accept chain=forward comment="default configuration" connection-state=established
add action=accept chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
# Explicitly allows traffic between the two subnets in both directions.
# NOTE(review): the forward chain has no final drop rule, so anything not matched above is
# accepted anyway and these two rules do not change the outcome. It also means new
# connections arriving from bridge-wan are not filtered in forward; a common hardening
# step is a drop rule for in-interface=bridge-wan with connection-nat-state=!dstnat.
# NOTE(review): since the router already permits inter-subnet traffic, blocked Windows
# file sharing is more likely enforced on the hosts (Windows Firewall limits file sharing
# to the local subnet by default) than by these rules - verify on the Windows machines.
add action=accept chain=forward dst-address=192.168.55.0/24 src-address=192.168.88.0/24
add action=accept chain=forward dst-address=192.168.88.0/24 src-address=192.168.55.0/24
/ip firewall nat
# Source NAT for everything leaving through the WAN bridge.
add action=masquerade chain=srcnat comment="default configuration" out-interface=bridge-wan
# Port forward: TCP and UDP 35000 arriving on the WAN are sent to 192.168.55.9.
# NOTE(review): there is no src-address restriction, so 192.168.55.9:35000 is reachable
# from any Internet address; limit the source if the remote peers are known.
add action=dst-nat chain=dstnat dst-port=35000 in-interface=bridge-wan protocol=tcp to-addresses=192.168.55.9 to-ports=35000
add action=dst-nat chain=dstnat dst-port=35000 in-interface=bridge-wan protocol=udp to-addresses=192.168.55.9 to-ports=35000
# NOTE(review): this masquerades everything leaving through bridge-tlan, including traffic
# from 192.168.55.0/24. Hosts on 192.168.88.0/24 then see the router's address as the
# source instead of the real client, which hides the originating host in their logs and
# host firewall decisions. There is no matching rule for the opposite direction, so the
# two subnets are treated asymmetrically - confirm this rule is wanted.
add action=masquerade chain=srcnat out-interface=bridge-tlan
# Management services: telnet, ftp, api and api-ssl are turned off.
# NOTE(review): www, ssh and winbox are not listed, so they keep their defaults (normally
# enabled). The input chain only drops traffic from bridge-wan, so they are reachable from
# both internal subnets; the address= setting on each service can restrict them to a
# management range.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Fixed time zone; automatic detection is off.
/system clock
set time-zone-autodetect=no time-zone-name=America/Halifax
# Router identity (hostname).
/system identity
set name=TobinConv