MikroTik

I have 2 interfaces
wan 192.168.1.1
Lan 197.2.1.1

I need the clients on both interfaces to be able to see each other and share files ??
I don't know how to do this or what is is the suitable rule ??
thanks in advanc

"You're putting a router onto a network where someone else is the administrator / the router is supplied by the ISP and you do not have control over its configuration."

Is this pretty much a true statement?

This is a routing issue. The "outside" network (192.168.1.0/24) needs to know that your mikrotik is the gateway it should use when trying to reach network 197.2.1.0/24.

You can fix this in a few ways:
- Add a static route in the default gateway router on the 192.168.1.0 network (you need the mikrotik's wan IP to be static)
- Add static routes in the hosts on wan network which need to reach the lan network (sloppy workaround)
- Use NAT on the Mikrotik so that lan-side hosts appear to be the mikrotik's wan IP on the wan network. Note that when using this method, hosts on the wan network will not be able to reach hosts on the lan network.

Default gateway on client is enough to allow file sharing.
If you are using Windows computers, then use //IP_address in explorer to access computer via network.

first of all
thank you sir for your response
now the devices on LAN can see the devices on WAN
BUT the devices on WAN CAN'T see devices on LAN

what is the role to do this ???

thanks again

Check your /ip firewall filter rules and make sure traffic is not blocked on or from the specific interface.

Seems like the gateway for your mikrotik router is the same gateway as others devices on the same subnet as the WAN is. That means that your mikrotik is NOT the gateway for your internet traffic, isn't?
And so, you have another router, to which devices on 192.168.1.0/24 point to as gateway, and that other router does not know a route to your mikrotik.

If that's the case, you'll need to add on that other router a route rule so when you try to access LAN address from a device on the WAN subnet, to be redirected to your mikrotik.

would you please show me step by step
I am a microtik beginner
sorry

would you please show me step by step
I am a microtik beginner
sorry

I had a similar problem where I was trying to use a PC in my wan network ( same as yours) to open the GUI of an ata in the lan network.
I ended up needing 2 firewall nat rules.

1 chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=80
protocol=tcp dst-address=192.168.1.3 in-interface=ether1-gateway
dst-port=8080 log=no log-prefix=""

My wan ether 1 was 192.168.1.3 but I had to use 192.168.1.3:8080 in my pc browser to stop the webfig of the mik opening if I just used 192.168.1.3
So rule 1 changes the incoming dst to 192.168.88.254 :80 which was the lan addr of the ata.
The ata gui would still not open because it has a security feature that ensured it would only open with a request from its own network. I therefore needed a second rule to then change the src addr to 192.168.88.1 (ether 2 addr).

2 chain=srcnat action=src-nat to-addresses=192.168.88.1 to-ports=80
protocol=tcp dst-address=192.168.88.254 dst-port=80 log=no
log-prefix=""
You may not need rule 2 . This can all be done with winbox.
I played around with static routes for a while but ended up doing it this way.

Is your topology like this picture?
If not, try to draw it out to make it possible for us to understand and try to give a solution.

Is your topology like this picture?
If not, try to draw it out to make it possible for us to understand and try to give a solution.

topology.jpg

yes this is my topology

Then I think you just need to configure the routes from one network to another on both your mikrotik and your WAN router.

On your WAN router, you have to find where you can configure "Static Routes", and then add one to route traffic meant to destination 197.2.1.0/24 to use the gateway 192.168.1.1 (your mikrotik IP).

And then, on your mikrotik, you need to add a static route to redirrect traffic meant to 192.168.1.0/24 to use 192.168.1.2 (your WAN router IP) as gateway, like this:

If you have a NAT rule to masquerade traffic going from your LAN to your WAN, you could also want to add a rule on your NAT table, before the masquerade, so that when the traffic is not meant to go out to internet, it won't masquerade internal traffic. Like:
But this rule must be before your masquerade rule, to avoid masquerade to occur.