I am a beginner and I am just learning how to use MikroTik RouterOS. I am stuck at one point and can't find a solution.
The structure of the network is like this:
Internet -> Router -> [Network A] -> TP-Link -)))) ((((- Mikrotik wAP -> Switch -> [Network B]
Network A 192.168.178.0
Network B 192.168.88.0
I have a Network A, which is my main network. The Internet is connected to my router, and different devices are connected to this router, among others a TP-Link EAP110 AP, which I use to connect Network A with my second network (Network B), which is created by a Mikrotik wAP Outdoor AP.
I did the basic configuration, both networks are working now and I have internet access on every device. From Network B I can reach every other device, the main router, I can ping, ssh, so on, all OK.
But I have one problem. From Network A I can't access Network B, I can't even ping it. I tried a lot of settings and changed the firewall on the Mikrotik, but nothing helped.
My idea is that it may be the firewall of the Mikrotik, but I have run out of energy for searching; maybe someone here could give me some hints.
Thank you.
This is the configuration of my Mikrotik:
export hide-sensitive
# nov/13/2022 15:10:04 by RouterOS 6.49.7
# software id = DFS5-8X6A
#
# model = RBwAPG-5HacD2HnD
# NOTE(review): the export was taken with hide-sensitive, but it still shows
# the software id, the bridge admin-mac and the SSID. Consider redacting
# device identifiers before publishing a configuration.
#
# Interface section: one bridge (ether1, ether2, wlan2) forms the local side;
# wlan1 is kept out of the bridge and is placed in the WAN list below.
/interface bridge
add admin-mac=18:FD:74:7A:7B:4F auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=defcon
/interface wireless
# wlan2 runs as an access point (mode=ap-bridge) on 5 GHz and is a bridge port.
# NOTE(review): no "/interface wireless security-profiles" section appears in
# this export, so the encryption settings of wlan2 cannot be seen here;
# verify that this AP is not open - TODO confirm.
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=outdoor mode=ap-bridge ssid=MikroTik-7A7B51 wireless-protocol=802.11
/interface list
# Two interface lists; the firewall, neighbor discovery and MAC server
# settings refer to them by name.
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless
# wlan1 is enabled on 2.4 GHz (frequency=2437). No mode= or ssid= is shown on
# this line, so how it associates with the TP-Link AP cannot be read from here.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX comment=defcon disabled=no distance=indoors frequency=2437 installation=outdoor wireless-protocol=802.11
/interface wireless manual-tx-power-table
set wlan1 comment=defcon
/interface wireless nstreme
set wlan1 comment=defcon
/interface bridge port
# All three bridge ports are marked trusted=yes.
add bridge=bridge comment=defconf interface=ether2 trusted=yes
add bridge=bridge comment=defconf interface=wlan2 trusted=yes
add bridge=bridge comment=defconf interface=ether1 trusted=yes
/ip neighbor discovery-settings
# Neighbor discovery is limited to the LAN list, i.e. it is not offered on wlan1.
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=LAN lan-interface-list=LAN
/interface list member
# bridge -> LAN, wlan1 -> WAN. Because wlan1 is the link toward Network A
# (192.168.178.0/24), every firewall rule that matches in-interface-list=WAN
# applies to traffic arriving from Network A.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=wlan1 list=WAN
/interface wireless cap
set discovery-interfaces=bridge interfaces=wlan1
# Addressing, DHCP and DNS for Network B (192.168.88.0/24) on the bridge.
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
# The router requests its own address on wlan1 - presumably from the main
# router of Network A; verify.
add disabled=no interface=wlan1
/ip dhcp-server
# DHCP server for the bridge, handing out addresses from the pool named "dhcp".
add address-pool=dhcp disabled=no interface=bridge name=defcon
/ip dhcp-server lease
# Static lease binding 192.168.88.7 to one client.
# NOTE(review): the client MAC address and client-id are device identifiers
# that hide-sensitive does not remove.
add address=192.168.88.7 client-id=ff:d:96:8f:69:0:2:0:0:ab:11:aa:29:3d:fe:5c:45:d8:40 mac-address=00:1D:09:F0:E4:80 server=defcon
/ip dhcp-server network
# Clients are given 8.8.8.8 as DNS server and 192.168.88.1 as gateway.
add address=192.168.88.0/24 comment=defcon dns-server=8.8.8.8 gateway=192.168.88.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Which hosts can reach it is decided by the input chain; in this
# export the only input drop rule is disabled, so queries arriving on wlan1
# are not filtered either. DHCP clients are pointed at 8.8.8.8 above, so
# check whether the resolver needs to be reachable at all.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
# Firewall section. Filter rules are evaluated top to bottom per chain, and a
# packet that matches no rule is accepted, so rule order and the presence of a
# final drop rule decide the effective policy.
/ip firewall address-list
# NOTE(review): the list allowed_to_router is defined here but none of the
# filter rules shown below references it (no src-address-list= matcher).
add address=192.168.178.0/24 list=allowed_to_router
add address=192.168.88.0/24 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
# NOTE(review): the comment says "drop invalid" but the action is accept, so
# packets in connection-state=invalid are let through to the router.
add action=accept chain=input comment="defconf: drop invalid" connection-state=invalid
# ICMP to the router is accepted only when it arrives on wlan1.
add action=accept chain=input comment="defconf: accept ICMP" in-interface=wlan1 protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# NOTE(review): this is the only drop rule of the input chain and it is
# disabled=yes. With it off, input traffic that matches no accept rule is
# still accepted, so the router's services are reachable from the wlan1 side
# and are limited only by the per-service settings under /ip service.
add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
# NOTE(review): same mismatch as in the input chain - the comment says "drop
# invalid" while the action is accept.
add action=accept chain=forward comment="defconf: drop invalid" connection-state=invalid
# Drops every new forwarded connection that enters through a WAN-list
# interface and was not destination-NATed. wlan1 is a WAN-list member, so new
# connections from Network A (192.168.178.0/24) toward 192.168.88.0/24 match
# this rule - consistent with Network B being unreachable from Network A.
# NOTE(review): if access from Network A is wanted, a narrowly scoped accept
# rule placed above this one (source subnet and in-interface limited) keeps
# the drop in place for everything else. Hosts in Network A would presumably
# also need a route to 192.168.88.0/24 via this router's wlan1 address -
# cannot be confirmed from this export.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# NOTE(review): the two rules below have no source or interface restriction.
# port= matches the source or the destination port; dst-port= would be the
# tighter matcher. While the input chain has no enabled drop rule they do not
# change what is reachable.
add action=accept chain=input comment="allow Winbox" port=8291 protocol=tcp
# NOTE(review): this rule matches TCP port 22, but /ip service in this export
# sets the SSH service to port 2200, so the rule does not cover that service.
add action=accept chain=input comment="allow SSH" port=22 protocol=tcp
/ip firewall nat
# Traffic leaving through wlan1 is source-NATed (masquerade), so hosts in
# Network A see connections from Network B as coming from the router's wlan1
# address.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=wlan1
# Address pool, routing, management services and system settings.
/ip pool
# NOTE(review): the range starts at 192.168.88.1, which is the router's own
# bridge address, and next-pool=dhcp points the pool at itself.
add name=dhcp next-pool=dhcp ranges=192.168.88.1-192.168.88.254
/ip route
# Static default route via 192.168.178.1 (an address in Network A).
# NOTE(review): the DHCP client on wlan1 may install a default route of its
# own as well - verify which one is active.
add distance=1 gateway=192.168.178.1
/ip service
# SSH is moved to port 2200 and www-ssl is enabled; neither line carries an
# address= restriction. Winbox is limited to the two local subnets.
# NOTE(review): only the settings listed here are visible; the state of the
# other services (for example telnet, ftp, www, api) is not shown in this
# export - check them and disable what is unused. With the input drop rule
# disabled in the firewall section, address= on each service is the only
# restriction on who can reach it.
set ssh port=2200
set www-ssl disabled=no
set winbox address=192.168.88.0/24,192.168.178.0/24
/system identity
set name=RouterOS
/system ntp client
set enabled=yes
/tool mac-server
# MAC-layer management access (MAC server and MAC Winbox) is limited to the
# LAN interface list, i.e. it is not offered on wlan1.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN