Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Thu Dec 15, 2016 3:33 pm
by TroyQ
Hi There.
I need help with the following: Here is my setup...
[Attached images: address list.JPG, route list.JPG, firewall rules.JPG]
I have DHCP set up on both ports 5 and 3, so I cannot add them to a bridge. I need the PCs to be able to access each other on both networks.
What am I missing? I cannot connect from either side or ping any side...
And yes, I do need both networks to be on separate IP ranges.
I have also changed the subnet mask on both sides to 255.255.252.0, but still nothing.
Thanks in advance
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Thu Dec 15, 2016 9:18 pm
by tr00g33k
Please post the whole configuration so we can see what the problem could be.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 12:00 am
by docmarius
If you use Windows machines, you need to alter your Windows firewall settings to accept requests from the other network.
Or simply add a masquerade entry for each of the ethernet interfaces 3 and 5.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 7:53 am
by TroyQ
> If you use Windows machines, you need to alter your Windows firewall settings to accept requests from the other network.
> Or simply add a masquerade entry for each of the ethernet interfaces 3 and 5.
The Windows machines can ping each other fine when I put the networks in a bridge, but it breaks my DHCP. No firewall on any machine at the moment.
I tried the masquerade but it does not work.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 7:54 am
by TroyQ
/interface bridge
add comment="Network Bridge Between Admin and Replica Server" mtu=1500 name=Replicator-Admin protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] comment="Klas35 - Replica Server"
set [ find default-name=ether3 ] comment="Klas35 Network /18"
set [ find default-name=ether5 ] comment="Klas26 Network /18"
set [ find default-name=sfp1 ] comment="Gateway - Admin"
/ip neighbor discovery
set ether2 comment="Klas35 - Replica Server"
set ether3 comment="Klas35 Network /18"
set ether5 comment="Klas26 Network /18"
set sfp1 comment="Gateway - Admin"
set Replicator-Admin comment="Network Bridge Between Admin and Replica Server"
/interface ethernet
set [ find default-name=ether4 ] master-port=sfp1
set [ find default-name=ether6 ] master-port=sfp1
set [ find default-name=ether7 ] master-port=sfp1
set [ find default-name=ether8 ] master-port=sfp1
set [ find default-name=ether9 ] master-port=sfp1
set [ find default-name=ether10 ] master-port=sfp1
set [ find default-name=ether11 ] master-port=sfp1
set [ find default-name=ether12 ] master-port=sfp1
set [ find default-name=ether13 ] master-port=sfp1
set [ find default-name=ether14 ] master-port=sfp1
set [ find default-name=ether15 ] master-port=sfp1
set [ find default-name=ether16 ] master-port=sfp1
set [ find default-name=ether17 ] master-port=sfp1
set [ find default-name=ether18 ] master-port=sfp1
set [ find default-name=ether19 ] master-port=sfp1
set [ find default-name=ether20 ] master-port=sfp1
set [ find default-name=ether21 ] master-port=sfp1
set [ find default-name=ether22 ] master-port=sfp1
set [ find default-name=ether23 ] master-port=sfp1
set [ find default-name=ether24 ] master-port=sfp1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=Klas35_Pool ranges=192.168.50.100-192.168.50.200
add name=Klas26_Pool ranges=192.168.49.100-192.168.49.200
/ip dhcp-server
add add-arp=yes address-pool=Klas35_Pool always-broadcast=yes disabled=no interface=ether3 lease-time=3d name=\
"Klas35 DHCP"
add add-arp=yes address-pool=Klas26_Pool always-broadcast=yes disabled=no interface=ether5 lease-time=3d name=\
"Klas26 DHCP"
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=Replicator-Admin interface=ether2
add bridge=Replicator-Admin interface=sfp1
/ip settings
set accept-redirects=yes accept-source-route=yes
/interface ethernet switch port
set 0 dscp-based-qos-dscp-to-dscp-mapping=no
set 1 dscp-based-qos-dscp-to-dscp-mapping=no
set 2 dscp-based-qos-dscp-to-dscp-mapping=no
set 3 dscp-based-qos-dscp-to-dscp-mapping=no
set 4 dscp-based-qos-dscp-to-dscp-mapping=no
set 5 dscp-based-qos-dscp-to-dscp-mapping=no
set 6 dscp-based-qos-dscp-to-dscp-mapping=no
set 7 dscp-based-qos-dscp-to-dscp-mapping=no
set 8 dscp-based-qos-dscp-to-dscp-mapping=no
set 9 dscp-based-qos-dscp-to-dscp-mapping=no
set 10 dscp-based-qos-dscp-to-dscp-mapping=no
set 11 dscp-based-qos-dscp-to-dscp-mapping=no
set 12 dscp-based-qos-dscp-to-dscp-mapping=no
set 13 dscp-based-qos-dscp-to-dscp-mapping=no
set 14 dscp-based-qos-dscp-to-dscp-mapping=no
set 15 dscp-based-qos-dscp-to-dscp-mapping=no
set 16 dscp-based-qos-dscp-to-dscp-mapping=no
set 17 dscp-based-qos-dscp-to-dscp-mapping=no
set 18 dscp-based-qos-dscp-to-dscp-mapping=no
set 19 dscp-based-qos-dscp-to-dscp-mapping=no
set 20 dscp-based-qos-dscp-to-dscp-mapping=no
set 21 dscp-based-qos-dscp-to-dscp-mapping=no
set 22 dscp-based-qos-dscp-to-dscp-mapping=no
set 23 dscp-based-qos-dscp-to-dscp-mapping=no
set 24 dscp-based-qos-dscp-to-dscp-mapping=no
set 25 dscp-based-qos-dscp-to-dscp-mapping=no
/interface ethernet switch vlan
add ports=ether3,ether5 svl=yes vlan-id=101
/ip address
add address=10.80.8.4/24 comment="Mikrotik Network" interface=sfp1 network=10.80.8.0
add address=192.168.0.201/24 comment="Admin Network /18" interface=ether2 network=192.168.0.0
add address=192.168.50.254/24 comment="Klas35 Network /22" interface=ether3 network=192.168.50.0
add address=192.168.49.254/24 comment="Klas26 Network /22" interface=ether5 network=192.168.49.0
/ip dhcp-server network
add address=192.168.49.0/24 dns-server=192.168.50.2,192.168.49.254 gateway=192.168.50.2 netmask=22
add address=192.168.50.0/24 dns-server=192.168.50.1,192.168.50.254 gateway=192.168.50.254 netmask=22
/ip dns
set allow-remote-requests=yes servers=10.60.3.4,8.8.8.8
/ip firewall filter
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=192.168.49.0/24
add action=accept chain=forward dst-address=192.168.49.0/24 src-address=192.168.50.0/24
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.49.0/24
add action=accept chain=prerouting dst-address=192.168.50.0/24
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes dst-address=192.168.50.2
/ip route
add distance=1 gateway=10.80.8.1
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name="OHS K18 (C Brink)"
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set Replicator-Admin disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
set ether11 disabled=yes display-time=5s
set ether12 disabled=yes display-time=5s
set ether13 disabled=yes display-time=5s
set ether14 disabled=yes display-time=5s
set ether15 disabled=yes display-time=5s
set ether16 disabled=yes display-time=5s
set ether17 disabled=yes display-time=5s
set ether18 disabled=yes display-time=5s
set ether19 disabled=yes display-time=5s
set ether20 disabled=yes display-time=5s
set ether21 disabled=yes display-time=5s
set ether22 disabled=yes display-time=5s
set ether23 disabled=yes display-time=5s
set ether24 disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
/system leds
set 0 interface=sfp1
/tool romon
set enabled=yes
/tool user-manager database
set db-path=user-manager
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 7:57 am
by TroyQ
> Please post the whole configuration so we can see what the problem could be.
Please note my 192.168.0.0/24 network is a separate network; it's working fine on its own for now.
Internet is supplied from a different MikroTik for the 192.168.0.0 network,
and a separate router 192.168.50.2 for interface 3 and 5 is being used also. A server is on 192.168.50.1.
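An added example, not part of any post in this thread: a Python check over the `/ip address` and `/ip dhcp-server network` lines copied from the export above. It compares the prefix length that `netmask=` hands to DHCP clients with the router's own interface subnets and reports each gateway that is not one of this router's addresses. The finding labels are invented for this example.

```python
import ipaddress
import re

# Lines copied from the export posted above (only the two relevant sections).
EXPORT = """\
/ip address
add address=192.168.50.254/24 comment="Klas35 Network /22" interface=ether3 network=192.168.50.0
add address=192.168.49.254/24 comment="Klas26 Network /22" interface=ether5 network=192.168.49.0
/ip dhcp-server network
add address=192.168.49.0/24 dns-server=192.168.50.2,192.168.49.254 gateway=192.168.50.2 netmask=22
add address=192.168.50.0/24 dns-server=192.168.50.1,192.168.50.254 gateway=192.168.50.254 netmask=22
"""

def parse(export):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = {}, None
    for line in export.splitlines():
        if line.startswith("/"):
            current = line.strip()
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[current].append({k: v.strip('"') for k, v in pairs})
    return sections

def audit(export):
    """Return (dhcp_network, finding_label, detail) tuples."""
    cfg = parse(export)
    router = [ipaddress.ip_interface(a["address"]) for a in cfg["/ip address"]]
    findings = []
    for net in cfg["/ip dhcp-server network"]:
        lan = ipaddress.ip_network(net["address"])
        # netmask= overrides the prefix length given to clients (0 = use address).
        plen = int(net.get("netmask", 0)) or lan.prefixlen
        on_link = ipaddress.ip_network(f"{lan.network_address}/{plen}", strict=False)
        gw = ipaddress.ip_address(net["gateway"])
        if gw not in lan:
            findings.append((str(lan), "gateway-outside-subnet", str(gw)))
        if gw not in [r.ip for r in router]:
            findings.append((str(lan), "gateway-not-this-router", str(gw)))
        for r in router:
            # Another routed subnet that clients will ARP for instead of routing to.
            if r.network != lan and r.network.subnet_of(on_link):
                findings.append((str(lan), "peer-subnet-on-link", str(r.network)))
    return findings

if __name__ == "__main__":
    for finding in audit(EXPORT):
        print(*finding)
```

A `peer-subnet-on-link` finding means a client that receives the /22 mask treats the other /24 as directly attached, so it ARPs for the peer on its own segment and never sends the packet to the router.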
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 12:21 pm
by paka
Hi,
you have wrong entries in Route List and Firewall.
Regards
Paka
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Fri Dec 16, 2016 12:24 pm
by paka
- 192.168.49.0/24 and 192.168.50.0/24 are different networks.
- Any route needs a gateway address, not an interface!
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Sun Dec 18, 2016 8:20 pm
by TroyQ
> Hi,
> you have wrong entries in Route List and Firewall.
> Regards
> Paka
Actually no, I have the correct entries in the route list. Those are dynamic addresses assigned to port 3 and 5 and the MikroTik creates the routes automatically. They cannot be removed.
The firewall list is also correct, even though they are not necessary I added them just to track my connections.
If you cannot help do not post replies.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Sun Dec 18, 2016 8:23 pm
by TroyQ
> - 192.168.49.0/24 and 192.168.50.0/24 are different networks.
> - Any route needs a gateway address, not an interface!
Again you are not correct, Paka. An interface as a route works perfectly on my other MikroTiks. Remember this is not for internet access, it is for connection between two ports.
This is the only time my setup does not work as this network has more complicated combinations. I am looking for answers that can help me sort this out, so far you have not helped.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Wed Dec 21, 2016 11:50 am
by TroyQ
So no-one can see the problem here? I need help please
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Wed Dec 21, 2016 12:03 pm
by quackyo
If I understand correctly, you do the routing outside of this MikroTik. If so, those routers need to have static routes for 192.168.50.0/24 and 192.168.49.0/24 to this MikroTik.
Re: Route between 2 interfaces with 2 subnets (without a bridge)
Posted: Thu Dec 22, 2016 11:45 am
by TroyQ
> If I understand correctly, you do the routing outside of this MikroTik. If so, those routers need to have static routes for 192.168.50.0/24 and 192.168.49.0/24 to this MikroTik.
Correct, yes, but that is a separate network on sfp1. What do I need to add to the other MikroTik and where?
Also, I have now started over (and a new post) where I have made sfp1 and the other interfaces part of a bridge. The only interfaces excluded from that bridge are 3 and 5, and they are still not communicating.