Community discussions

MikroTik App
 
Atushko
just joined
Topic Author
Posts: 2
Joined: Sun Feb 05, 2023 3:20 am
Location: Kyiv, Ukraine

Accessing second LAN from primary one

Sun Feb 05, 2023 3:40 am

Hi guys,

I am struggling with setting up access between my 2 LANs at home.

Here is how network built
network.png
Important to add that TPlink is connected through WAN and has it's own network. This setup is needed for many personal reasons.


So, basically
I am able now to ping 192.168.88.xxx from 192.168.0.xxx which is logical since it's parent network
However, I can't neither ping 192.168.0.xxx nor access it from 192.168.88.xxx

I want to have access from 192.168.0.xxx to 192.168.88.xxx and vice verca.

I have tried multiple dst-nat and src-nat rules from the forum, however, no luck.
Could you please advise, is this even possible?

Adding ip settings:
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ip accounting
set account-local-traffic=yes enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip cloud
set ddns-update-interval=5m
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=8.8.8.8 name="Google Public DNS"
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=8124 protocol=tcp to-addresses=192.168.88.252 to-ports=8123
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8123 protocol=tcp to-addresses=192.168.88.252 to-ports=8123
add action=masquerade chain=srcnat dst-address=192.168.88.252 dst-port=8123 out-interface=bridge protocol=tcp src-address=192.168.88.0/24
add action=dst-nat chain=dstnat dst-port=7356 in-interface=ether1 protocol=udp to-addresses=192.168.88.210 to-ports=7356
/ip traffic-flow
set enabled=yes interfaces=bridge
Thank you in advance
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Accessing second LAN from primary one

Sun Feb 05, 2023 11:47 pm

Sorry your diagram and words dont jive......
The TP LInk looks like its on the MT routers LAN.

What is the brand of AP connected to the MT Router?

Is the TP link connected to a separate ISP provider ( via modem or via modem router aka does it get a public or private IP )

What do you mean by blackout, again, if you have no electricity what does it matter what router you have setup????
 
Atushko
just joined
Topic Author
Posts: 2
Joined: Sun Feb 05, 2023 3:20 am
Location: Kyiv, Ukraine

Re: Accessing second LAN from primary one

Mon Feb 06, 2023 3:25 pm

Sorry your diagram and words dont jive......
The TP LInk looks like its on the MT routers LAN.

What is the brand of AP connected to the MT Router?

Is the TP link connected to a separate ISP provider ( via modem or via modem router aka does it get a public or private IP )

What do you mean by blackout, again, if you have no electricity what does it matter what router you have setup????

Wifi AP is xiaomi which is connected through LAN port and has DHCP server off, so it works only as WiFi AP for MT network.
TP link is connected through WAN port from MT
Blackout means blackout :)
MT and TP-Links are powered by 12v UPS with battery so, once the electricity goes off, consumption is switched to battery and MT and TP link routers work.

The reason for all this:
I have xiaomi hub for smart home, which cannot connect to it's servers if it's connected to MT LAN (through wifi AP). But, it works great through TP-Link network (which gets internet from MT, huh). This is known issue for Mikrotiks and someone has workaround like setting Chinese DNS, which doesn't work for me. I have also try disabling all NAT and Firewall rules, but no luck. However, again, through tp link it works just great. But, I thought that configuring access through networks would be easier and that's why I am here
 
User avatar
broderick
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Nov 30, 2020 7:44 pm

Re: Accessing second LAN from primary one

Mon Feb 06, 2023 7:16 pm


I want to have access from 192.168.0.xxx to 192.168.88.xxx and vice verca.
It's up to your tp-link router to allow devices on 192.168.88.xxx to get acces to its own LAN (192.168.0.xxx )
So, you need to set up "input" and "forward" firewall rules on it too.

Who is online

Users browsing this forum: Netstumble and 49 guests