MikroTik

hey guys, i need some assistance with getting something set up (if what i'm thinking of is even possible). i hope this is posted in the right section...if not, please move as necessary.

at home i have 2 mikrotik routers, an RB493G is my main gateway AP/router, and an RB951G is connected behind it. the 951G is used to extend wireless coverage while at home, but will also occasionally serve as the main gateway/router while i am traveling, just like the 493G does at home.

the 951G is configured basically the same as the 493G, it has ether2-ether5 + wlan1 (2-9 + wlan1 on the 493G) assigned to a LAN bridge (let's call it HOMEBRIDGE), which is masq'ed to a single WAN port (ether1). it has a DHCP Client on the WAN port, pulling a static DHCP lease assigned by the 493G. both devices have their own DHCP server assigned to their own HOMEBRIDGE, with each DHCP server using a different network (i.e., 493G uses 192.168.1.0/24, while the 951G uses 192.168.2.0/24).

what i want to do is set up the 951G so that when it is connected behind the 493G on my home network, trusted devices like my phone, laptop, etc. (based on the device's MAC address) will bypass the 951G's DHCP server & routing, and will instead be forwarded to the 493G's DHCP server so that all my trusted devices are on the same network and can talk to each other. non-trusted devices (everything else) will use the DHCP server of the 951G and will be on a separate network.

however, if i am traveling and the 951G is the only device between me and the internet, i want all devices, trusted or not, to obtain a DHCP lease from the 951G's DHCP server.

so basically it looks like this (excuse the MS Paint network diagram, although it should help visualize the idea i'm trying to convey ):

anyone have any idea how to accomplish this?

You need a script checking whether you are at home or elsewhere and then enabling / disabling / changing the settings accordingly. Or you can use two partitions, one for each usecase preconfigured independently and swap their booting and reboot the device according the tested home presence. For home testing you can try mac ping to 433 that will fail elsewhere.

Double nat at home for untrusted devices will not help to anything anyway.

Why not to leave the 951 at home and not to buy 941 for travelling?

because i already have 2 of the RB951's, one which stays at home, and one which will go with me when i travel. there's no need to buy another device to be used only for travel. even at just a little over $20, it's a waste to have it just sitting around doing nothing when i'm at home (which is most of the time).

i mainly need assistance with how to set up the 951 to bypass its own DHCP server for devices i specify and passing it on to the RB493G, while everything else uses the 951's DHCP server.

So you don't need automatically changing configuration of one device. Why you need double nat for some clients?