ZimboDave
just joined
Topic Author
Posts: 2
Joined: Tue Jun 14, 2022 10:07 am

Unable to allow traffic between subnets.

Tue Jun 14, 2022 1:31 pm

Greetings all,
I know this subject has come up many times but I've spent literally two weeks bashing my head against this problem and despite many hours searching this forum, youtube and google in general, I'm no further forward.

Hardware: RB760iGS
RouterOS 7.2.3

Scenario
I need to be able to route traffic between different subnets on the router. One of the ports connects to a microwave link with relatively low bandwidth and I only want traffic destined to that subnet routed over the link. I know a switch will do this anyway but there are different IP subnets involved and I would just prefer to route the packets rather than rely on a switch.
I also have two other subnets in the same building which supply different departments and I would like to allow all traffic between internal LAN subnets without being particularly fussy.
I have tried various methods of getting traffic to flow between subnets. Stand alone ethernet ports, single bridge ports applied to each individual interface, with and without DHCP server running on each bridge port. I'm not new to routers but I am new to Mikrotik. (And I love them). But whatever I try, I just can't get traffic to flow.
So, for my own education, I have set up a very simple subnet layout hoping I can get that working before I change settings to suit the actual network.
My IP and default gateway settings on client laptops attached to each ether port are correct.
I can ping the default gateway. And I can ping any of the other ports on the router. But I cannot ping a host on any subnet attached to any of the other ethernet ports.
The automatic routes are being added between subnets correctly. And as far as I can tell, traffic should be flowing. Routers are supposed to do this automatically out of the box right?
So, for example, on subnet 192.168.0.0 I have host 192.168.0.1 and ether port on router is 192.168.0.254. The same is true for subnet 192.168.1.0 for host 192.168.1.1 and ether on router 192.168.1.254. From 192.168.0.1 I can ping all addresses EXCEPT for host 192.168.1.1.
I can ping google.com. This goes through Ether1 to my upstream mikrotik. So this test one is behind a firewall. Hence, I'm not too concerned about deleting all the firewall rules for now while I try to get it working. I have deleted ALL rules on the firewall on the router but this doesn't help.
I really don't know where I am going wrong and will REALLY appreciate some help please.

If I am trying to do this in an old fashioned or deprecated way and this method has been superseded by something more efficient, please tell me. This should be simple but it's driving me up the wall :-)

Here is my output from export file=myconfig.cfg
# jun/14/2022 12:27:01 by RouterOS 7.2.3
# software id = A3PW-8394
#
# model = RB760iGS
# serial number = <CENSORED>
/interface ethernet
set [ find default-name=ether1 ] name=internet
set [ find default-name=ether2 ] name=localnet-1
set [ find default-name=ether3 ] name=localnet-2
set [ find default-name=ether4 ] name=localnet-3
set [ find default-name=ether5 ] name=localnet-4
/disk
set sd1 disabled=no
set sd1-part1 disabled=no name=disk1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.1.2-192.168.1.20
add name=dhcp_pool2 ranges=192.168.2.2-192.168.2.20
add name=dhcp_pool3 ranges=192.168.3.2-192.168.3.20
add name=dhcp_pool4 ranges=192.168.4.2-192.168.4.20
/ip dhcp-server
add address-pool=dhcp_pool1 interface=localnet-1 name=dhcp1
add address-pool=dhcp_pool2 interface=localnet-2 name=dhcp2
add address-pool=dhcp_pool3 interface=localnet-3 name=dhcp3
add address-pool=dhcp_pool4 interface=localnet-4 name=dhcp4
/port
set 0 name=serial0
/ip address
add address=172.16.16.123/24 interface=internet network=172.16.16.0
add address=192.168.1.254/24 interface=localnet-1 network=192.168.1.0
add address=192.168.2.254/24 interface=localnet-2 network=192.168.2.0
add address=192.168.3.254/24 interface=localnet-3 network=192.168.3.0
add address=192.168.4.254/24 interface=localnet-4 network=192.168.4.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=172.16.16.254,8.8.4.4,8.8.8.8 domain=\
    Tamarind gateway=192.168.1.254
add address=192.168.2.0/24 dns-server=172.16.16.254,8.8.4.4,8.8.8.8 domain=\
    Tamarind gateway=192.168.2.254
add address=192.168.3.0/24 dns-server=172.16.16.254,8.8.4.4,8.8.8.8 domain=\
    Tamarind gateway=192.168.3.254
add address=192.168.4.0/24 dns-server=172.16.16.254,8.8.4.4,8.8.8.8 domain=\
    Tamarind gateway=192.168.4.254
/ip dns
set allow-remote-requests=yes servers=172.16.16.254,8.8.4.4,8.8.8.8
/ip firewall filter
add action=accept chain=forward dst-address=0.0.0.0 in-interface=all-ethernet \
    out-interface=all-ethernet protocol=tcp src-address=0.0.0.0 \
    src-address-list=""
/ip firewall nat
add action=masquerade chain=srcnat comment=localnet-1 out-interface=internet \
    src-address=192.168.1.0/24
add action=masquerade chain=srcnat comment=localnet-2 out-interface=internet \
    src-address=192.168.2.0/24
add action=masquerade chain=srcnat comment=localnet-3 out-interface=internet \
    src-address=192.168.3.0/24
add action=masquerade chain=srcnat comment=localnet-4 out-interface=internet \
    src-address=192.168.4.0/24
/ip route
add distance=1 gateway=172.16.16.254
/system clock
set time-zone-name=Africa/Harare
/system identity
set name=KaguviCore
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.google.com


[admin@KaguviCore] /ip/route> print
Flags: D - DYNAMIC; I, A - ACTIVE; c, s, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#      DST-ADDRESS     GATEWAY        DISTANCE
0  As  0.0.0.0/0       172.16.16.254         1
  DAc  172.16.16.0/24  internet              0
  DAc  192.168.1.0/24  localnet-1            0
  DAc  192.168.2.0/24  localnet-2            0
  DIcH 192.168.3.0/24  localnet-3            0
  DIcH 192.168.4.0/24  localnet-4            0
Regards and thanks in advance.
Dave
 
mkx
Forum Guru
Posts: 11582
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unable to allow traffic between subnets.

Tue Jun 14, 2022 2:07 pm

One thing you have to be sure about: is the firewall on the end device allowing ingress pings? The default config of Windows firewall is that the PC only answers pings coming from its own IP subnet, but not from elsewhere.
 
ZimboDave
just joined
Topic Author
Posts: 2
Joined: Tue Jun 14, 2022 10:07 am

Re: Unable to allow traffic between subnets.

Tue Jun 14, 2022 2:49 pm

MKX.....you are a LEGEND.

It worked. THANK YOU!

Jeez, I hate Windows 10 even more now. I have been pulling my hair out for days over this issue.
Interestingly, just enabling File and Printer Sharing (Echo Request – ICMPv4-In) for local and domain on both win10 laptops didn't work. I had to completely disable the firewalls on both laptops.

Thank you very much again for your help.

Regards

Dave
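
Added example (not part of the original thread): a PowerShell sketch for checking why a Windows client drops pings from another routed subnet, and for allowing them with one scoped rule rather than turning the firewall off. The subnets come from the router export above; the rule name is hypothetical, and the two causes it checks (network profile mismatch, rule scoped to the local subnet) are general possibilities, not a diagnosis of the laptops in this thread.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows client.

# Subnets taken from the router export posted in the thread.
$RoutedLans = '192.168.1.0/24', '192.168.2.0/24', '192.168.3.0/24', '192.168.4.0/24'

# 1. Which firewall profile is each NIC in? A rule enabled only for
#    Private/Domain has no effect if the network is classified as Public.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory, IPv4Connectivity

# 2. List the built-in echo-request rules with their profile and remote scope.
#    A RemoteAddress of LocalSubnet means pings routed in from another
#    subnet are still dropped even when the rule is enabled.
Get-NetFirewallRule -DisplayName '*Echo Request - ICMPv4-In*' |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    } | Format-Table -AutoSize

# 3. Add one inbound allow rule for ICMPv4 echo request (type 8), limited to
#    the routed LAN subnets. Profile Any is used so the rule applies whatever
#    category step 1 reported; narrow it once the category is known.
$RuleName = 'Allow ICMPv4 echo from routed LANs (example)'   # hypothetical name
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $RoutedLans -Profile Any
}

# 4. Confirm the firewall itself is still enabled on every profile.
Get-NetFirewallProfile | Select-Object Name, Enabled
```

With the rule in place the firewall stays enabled and only echo requests from the four listed subnets are accepted.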
