Community discussions

MikroTik App
 
MrChance
just joined
Topic Author
Posts: 2
Joined: Thu May 19, 2022 4:28 pm

Can't route between 2 subnets

Thu May 19, 2022 4:42 pm

Hello everyone

I am new to Mikrotik and to networking as a whole. I would like to set up a Router on the stick with Mikrotik as the router. I have the following setup:

ether1: 192.168.88.0/24 (LAN)
ether10:192.168.100.0/24 (Router-Firewall)

I would like to ping from 192.168.88.0/24 subnet to hosts in 192.168.100.0/24 subnet, but i can't.
The end goal is that :
192.168.88.0/24 to foward the traffic to a firewall that is in the 192.168.100.0 subnet, and the 192.168.100.0/24 to be only for the communication between Mikrotik and the Firewall. (Maybe 192.168.100.0/30)

My config is:
# model = RB1100Dx4

/interface ethernet switch port

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=192.168.88.0
add address=192.168.100.2/28 interface=ether10 network=192.168.100.0
/ip firewall filter
add action=accept chain=forward dst-address=192.168.100.0/24 log=yes src-address=192.168.88.0/24
add action=accept chain=forward dst-address=192.168.88.0/24 log=yes src-address=192.168.100.0/24

Thanks in advance
 
sid5632
Long time Member
Long time Member
Posts: 553
Joined: Fri Feb 17, 2017 6:05 pm

Re: Can't route between 2 subnets

Sat May 21, 2022 3:42 am

/28 != /24
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Can't route between 2 subnets

Sat May 21, 2022 4:19 am

I am new to Mikrotik and to networking as a whole.

Start here. The "How Packets Are Routed" article may be most immediately helpful, but read all three articles.

I have the following setup:

Aside from the subnet mask error sid5632 pointed out, you've got two subnets without any routing rules between them. At minimum, you need something like "/ip/route add dst-address=192.168.88.0/24 gateway=192.168.100.2" to get packets from the 0 network to the 100 network, and its inverse to get the replies back.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: Can't route between 2 subnets

Sat May 21, 2022 2:58 pm

At minimum, you need something like "/ip/route add dst-address=192.168.88.0/24 gateway=192.168.100.2" to get packets from the 0 network to the 100 network, and its inverse to get the replies back.
No, not in this case. Directly connected networks (e.g. adding an IP address to an ethernet interface) automatically create appropriate routes.

It does need a default route for traffic to anywhere other than 192.168.88.0/24 or 192.168.100.0/24, plus a route on the OPs firewall to it knows that 192.168.88.0/24 is reachable via 192.168.100.2 for more general connectivity to work.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Can't route between 2 subnets

Sun May 22, 2022 3:45 am

Start here. The "How Packets Are Routed" article may be most immediately helpful, but read all three articles.
In the Route Selection section, the third item states "Route should not be synthetic."

I am not familiar with the term synthetic route, and google wasn't particularly helpful, with almost all references to organic chemistry reactions. Even the search synthetic site:mikrotik.com only finds the reference above, plus some entries concerning synthetic interfaces (related to VMs).

Does anyone know what this Route should not be synthetic means?

There are some other oddities in the article, for example what appears to be a "note" left by the writer that there needs to be a way to print private attributes.
Route attributes.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Can't route between 2 subnets

Sun May 22, 2022 9:25 am

I am new to Mikrotik and to networking as a whole. I would like to set up a Router on the stick with Mikrotik as the router. I have the following setup:

ether1: 192.168.88.0/24 (LAN)
ether10:192.168.100.0/24 (Router-Firewall)

I would like to ping from 192.168.88.0/24 subnet to hosts in 192.168.100.0/24 subnet, but i can't.
The end goal is that :
192.168.88.0/24 to foward the traffic to a firewall that is in the 192.168.100.0 subnet, and the 192.168.100.0/24 to be only for the communication between Mikrotik and the Firewall. (Maybe 192.168.100.0/30)
I would get basic routing working first, then worry about setting up the firewall on the MikroTik. This is assuming that you already have an upstream firewall in the 192.168.100.0/24 network.

If you are new to networking, the article referenced by @tangent probably looks pretty intimidating, at least it would have to me when I was first learning.

If you have the router setup with two network interfaces with ip addresses, the router should be able to route between them, but there is more needed than just routes on the RB1100Dx4 router; the hosts that want to communicate with each other must know how to get to the network on the other side of the RB1100Dx4.

How are the hosts in 192.168.88.0/24 and 192.168.100.0/24 getting their ip configurations?

If these are windows PC's what do you get from the command:

netstat -rn
ipconfig /all


when that is issued at the command prompt of the two PCs trying to ping each other?

Also, remember that windows PC also have a windows firewall that will block new connections from host that are not on the same network, unless you change that.

Since you RB1100Dx4 has ip addresses in each network, you can do some troubleshooting with it.

From a PC in the 192.168.88.0/24 network can you ping 192.168.88.1?
From a PC in the 192.168.88.0/24 network can you ping 192.168.100.2?

From a PC in the 192.168.100.0/24 network, can you ping 192.168.100.2?
From a PC in the 192.168.100.0/24 network, can you ping 192.168.88.1?

From the RB1100Dx4 router, you can use ping to verify that the hosts are willing to reply to pings from same and another network. (assuming devices with ip addresses 192.168.88.10 and 192.168.100.20)

> ping 192.168.88.10 count=4
> ping 192.168.88.10 src-address=192.168.100.2 count=4
> ping 192.168.100.20 count=4
> ping 192.168.100.20 src-address=192.168.88.1 count=4

For a more gentle introduction to fundamentals, I suggest watching this Networking Fundamentals youtube series by Ed Harmoush (it is generic, not MikroTik specific).

Once you have the fundamentals under your belt, then there are some more advanced MikroTik specific youtube videos.

If you really want to learn networking without needing a lab full of equipment, you can load GNS3 or EVE-ng and emulate routers. That a good way to test complex configs, and you can easily configure and save your labs, but it isn't quite the same as real hardware, where you will run into other issues that are harder to simulate (bad cables, duplex mismatches, etc.).

Here's a good video on troubleshooting with MikroTik Getting Started: MikroTik Troubleshooting (Basics to Advanced) by @TheNetworkBerg
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Can't route between 2 subnets

Tue May 24, 2022 10:45 am

Note primarily to self. Don't respond with detailed answer until OP makes at least one follow up response. Too many drive-by questions where the OP really doesn't want to engage.
 
MrChance
just joined
Topic Author
Posts: 2
Joined: Thu May 19, 2022 4:28 pm

Re: Can't route between 2 subnets

Wed May 25, 2022 4:27 pm

Hello all

Sorry for the late reply. I haven't received a response in a day and I thought no one would respond (I also didn't receive any email or notification that anyone commented). Thank you to each and every one of you. Today I checked every answer and started implementing your tips. I'm already doing it with the vlans routing and the / 28 error, also corrected.

@Buckeye thanks for the clarity and it wasn't intentional!

Who is online

Users browsing this forum: 0xAA55 and 36 guests