Community discussions

MikroTik App
 
shaaban141
just joined
Topic Author
Posts: 4
Joined: Wed Mar 11, 2015 2:03 pm

Help communication clients in both interfaces

Wed Mar 11, 2015 2:10 pm

I have 2 interfaces
wan 192.168.1.1
Lan 197.2.1.1

I need the clients on both interfaces to be able to see each other and share files ??
I don't know how to do this or what is is the suitable rule ??
thanks in advanc
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Help communication clients in both interfaces

Wed Mar 11, 2015 2:24 pm

"You're putting a router onto a network where someone else is the administrator / the router is supplied by the ISP and you do not have control over its configuration."

Is this pretty much a true statement?

This is a routing issue. The "outside" network (192.168.1.0/24) needs to know that your mikrotik is the gateway it should use when trying to reach network 197.2.1.0/24.

You can fix this in a few ways:
- Add a static route in the default gateway router on the 192.168.1.0 network (you need the mikrotik's wan IP to be static)
- Add static routes in the hosts on wan network which need to reach the lan network (sloppy workaround)
- Use NAT on the Mikrotik so that lan-side hosts appear to be the mikrotik's wan IP on the wan network. Note that when using this method, hosts on the wan network will not be able to reach hosts on the lan network.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Help communication clients in both interfaces

Wed Mar 11, 2015 2:32 pm

Default gateway on client is enough to allow file sharing.
If you are using Windows computers, then use //IP_address in explorer to access computer via network.
 
shaaban141
just joined
Topic Author
Posts: 4
Joined: Wed Mar 11, 2015 2:03 pm

Re: Help communication clients in both interfaces

Wed Mar 11, 2015 4:36 pm

first of all
thank you sir for your response
now the devices on LAN can see the devices on WAN
BUT the devices on WAN CAN'T see devices on LAN

what is the role to do this ???

thanks again
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Help communication clients in both interfaces

Thu Mar 12, 2015 4:06 pm

Check your /ip firewall filter rules and make sure traffic is not blocked on or from the specific interface.
 
inquiery
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Oct 27, 2014 3:49 pm

Re: Help communication clients in both interfaces

Thu Mar 12, 2015 9:23 pm

Seems like the gateway for your mikrotik router is the same gateway as others devices on the same subnet as the WAN is. That means that your mikrotik is NOT the gateway for your internet traffic, isn't?
And so, you have another router, to which devices on 192.168.1.0/24 point to as gateway, and that other router does not know a route to your mikrotik.

If that's the case, you'll need to add on that other router a route rule so when you try to access LAN address from a device on the WAN subnet, to be redirected to your mikrotik.
 
shaaban141
just joined
Topic Author
Posts: 4
Joined: Wed Mar 11, 2015 2:03 pm

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 10:32 am

would you please show me step by step
I am a microtik beginner
sorry
 
timo38
just joined
Posts: 9
Joined: Tue Mar 03, 2015 6:13 am

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 12:20 pm

would you please show me step by step
I am a microtik beginner
sorry
I had a similar problem where I was trying to use a PC in my wan network ( same as yours) to open the GUI of an ata in the lan network.
I ended up needing 2 firewall nat rules.

1 chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=80
protocol=tcp dst-address=192.168.1.3 in-interface=ether1-gateway
dst-port=8080 log=no log-prefix=""

My wan ether 1 was 192.168.1.3 but I had to use 192.168.1.3:8080 in my pc browser to stop the webfig of the mik opening if I just used 192.168.1.3
So rule 1 changes the incoming dst to 192.168.88.254 :80 which was the lan addr of the ata.
The ata gui would still not open because it has a security feature that ensured it would only open with a request from its own network. I therefore needed a second rule to then change the src addr to 192.168.88.1 (ether 2 addr).

2 chain=srcnat action=src-nat to-addresses=192.168.88.1 to-ports=80
protocol=tcp dst-address=192.168.88.254 dst-port=80 log=no
log-prefix=""
You may not need rule 2 . This can all be done with winbox.
I played around with static routes for a while but ended up doing it this way.
 
inquiery
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Oct 27, 2014 3:49 pm

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 2:29 pm

Is your topology like this picture?
If not, try to draw it out to make it possible for us to understand and try to give a solution.
topology.jpg
You do not have the required permissions to view the files attached to this post.
 
shaaban141
just joined
Topic Author
Posts: 4
Joined: Wed Mar 11, 2015 2:03 pm

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 3:04 pm

Is your topology like this picture?
If not, try to draw it out to make it possible for us to understand and try to give a solution.
topology.jpg
yes this is my topology
 
inquiery
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Oct 27, 2014 3:49 pm

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 3:47 pm

Then I think you just need to configure the routes from one network to another on both your mikrotik and your WAN router.

On your WAN router, you have to find where you can configure "Static Routes", and then add one to route traffic meant to destination 197.2.1.0/24 to use the gateway 192.168.1.1 (your mikrotik IP).

And then, on your mikrotik, you need to add a static route to redirrect traffic meant to 192.168.1.0/24 to use 192.168.1.2 (your WAN router IP) as gateway, like this:
/ip route add dst-address=192.168.1.0/24 gateway=192.168.1.2
 
inquiery
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Mon Oct 27, 2014 3:49 pm

Re: Help communication clients in both interfaces

Sat Mar 14, 2015 3:58 pm

If you have a NAT rule to masquerade traffic going from your LAN to your WAN, you could also want to add a rule on your NAT table, before the masquerade, so that when the traffic is not meant to go out to internet, it won't masquerade internal traffic. Like:
/ip firewall nat add dst-address=192.168.1.0/24 action=accept
But this rule must be before your masquerade rule, to avoid masquerade to occur.

Who is online

Users browsing this forum: stitch84ac and 11 guests