Hi!
I need to communicate between two different subnets, the configuration is as per the attached diagram. At the moment if from a device connected to the Fritz network in class 1 I try to ping a device connected to the hap ac2 in class 2 I get "host unreachable". Can I set a firewall rule on hap ac2 to make class 2 connected devices accessible?
Thank you.
Communication between two different sub-networks
You do not have the required permissions to view the files attached to this post.
Re: Communication between two different sub-networks
The problem is that you need to define a route on Fritz to reach subnet 192.168.2.0 through connection to the hAP (to 192.168.1.200).
So you need to check on Fritz how to set a static route to hAP.
So you need to check on Fritz how to set a static route to hAP.
Re: Communication between two different sub-networks
Thanks for your reply.The problem is that you need to define a route on Fritz to reach subnet 192.168.2.0 through connection to the hAP (to 192.168.1.200).
So you need to check on Fritz how to set a static route to hAP.
I've followed this guide to configure a static route on Fritz to reach the subnet 192.168.2.0 ( https://en.avm.de/service/knowledge-bas ... FRITZ-Box/ ).
However, I still can't ping the devices on subnetwork 2 from 1. I don't understand point 2 of the linked guide, how can I set the mikrotik? Am I missing a NAT rule perhaps? The mikrotik is configured with a route 0.0.0.0/0 pointing to the gateway 192.168.1.1 and with a NAT rule on the srcnat with src address 192.168.2.0 out interface ether1 with action=masquerade
I'm italian too, if you want we can PM so i can write in italian, my english is quite limited
Re: Communication between two different sub-networks
From Mikrotik side if you used default config you should be ok, because RouterOS creates automatically routes for connected networks.
So from Mikrotik can you reach internet through Fritz ? I guess you should be able to, already.
From Fritz you need to make sure that you send the route for destination 192.168.2.0 using as gateway the value 192.168.1.200, the IP that you have assigned to Mikrotik on ETH1.
I’m not sure that this forum allows PM anymore, but if you still have issues you can provide some contact info.
So from Mikrotik can you reach internet through Fritz ? I guess you should be able to, already.
From Fritz you need to make sure that you send the route for destination 192.168.2.0 using as gateway the value 192.168.1.200, the IP that you have assigned to Mikrotik on ETH1.
I’m not sure that this forum allows PM anymore, but if you still have issues you can provide some contact info.
Re: Communication between two different sub-networks
And don't forget, some OSes (Windows is most prominent) include firewalls which by default block any connectikn attempt (pings included) from non-native LAN ... essentially everything that requires using router.
The other problem might be firewall on Mikrotik. Default config considers ether1 to be WAN (untrusted) and blocks everything not explicitly allowed. Also uses SRC-NAT for traffic from LAN to WAN. If you want to use MT as "internal router", you'll have to change quite a few settings there. Which ones depends on how exactly you want it to work ...
The other problem might be firewall on Mikrotik. Default config considers ether1 to be WAN (untrusted) and blocks everything not explicitly allowed. Also uses SRC-NAT for traffic from LAN to WAN. If you want to use MT as "internal router", you'll have to change quite a few settings there. Which ones depends on how exactly you want it to work ...
Re: Communication between two different sub-networks
Ok, i've setup fritz like accarda suggest, but there still be no communication (ping) from sub 1 to sub 2
I believ the problem is this:
I believ the problem is this:
But i don't know how to set it up like you suggested...In particular, I would like the ports 80 and 8888 of the device 192.168.2.10 to be reachable from a device connected to sub 1The other problem might be firewall on Mikrotik. Default config considers ether1 to be WAN (untrusted) and blocks everything not explicitly allowed. Also uses SRC-NAT for traffic from LAN to WAN. If you want to use MT as "internal router", you'll have to change quite a few settings there. Which ones depends on how exactly you want it to work ...
Re: Communication between two different sub-networks
The last sentence doesn't come even close to what I meant with "how exactly you want it to work".
Re: Communication between two different sub-networks
For this particular aspect you need to set a DST NAT rule on your MikroTik to forward traffic from WAN to specific LAN host:In particular, I would like the ports 80 and 8888 of the device 192.168.2.10 to be reachable from a device connected to sub 1
Code: Select all
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.1.200 dst-port=80,8888 protocol=tcp to-addresses=192.168.2.10
Who is online
Users browsing this forum: Google [Bot] and 107 guests