Mikrotik forward traffic to another gateway

routing mikrotik
Magician picture Magician · May 28, 2014 · Viewed 16.7k times · Source

I have problem with setting Mikrotik to forward specific packets to another router.

Our devices is setup like this:

LAN1: 192.168.1.0/24
Mikrotik: 192.168.1.253
Cisco: 192.168.1.252

LAN2: 192.168.2.0/24
Cisco: 192.168.2.252

Main gateway setup at DHCP is 192.168.1.253, so every packet is sent to Mikrotik.

I have setup up route at mikrotik like this:

/ip route add dst-address=192.168.2.0/24 gateway=192.168.1.252

Now, I can ping devices on 192.168.2.0/24, but 192.168.2.0/24 can't ping us back, except 192.168.1.253, which is mikrotik router. So, it would seem, that Mikrotik won't forward all 192.168.2.0/24 packet to 192.168.1.252

Is there anything I need to add?

Thank you

UPDATE: Actually, my problem is, that 192.168.1.0/24 can reach 192.168.2.0/24 without problem. But 192.168.2.0/24 can only reach 192.168.1.253, but not other IPs in 192.168.1.0/24. I recorded packet incoming at 192.168.1.253, but the mikrotik wouldn't forward them to 192.168.1.252

Answer

Magician picture Magician · Jun 12, 2014

After some sniffing, it seems that I need to take down "invalid connection state" in firewall for internal LAN There are 3 ways of solving this.

  1. Set cisco to send EVERYTHING to mikrotik at 192.168.1.253, including every packet that destined to 192.168.1.0/24, despite it is local.
  2. Tear down "invalid connection state" firewall rule for packets incoming to local

  3. Set up private network with /30 net specific between mikrotik and cisco like:

    • mikrotik: 192.168.1.253, 192.168.10.1/30
    • cisco: 192.168.10.2/30, 192.168.2.252/24

    then route every packet to 192.168.2.0/24 to 192.168.10.2/30. This third option is not available to me, but I put here to give you another option.

Related questions

mikrotik nat redirect to local from local

I'm using Mikrotik 750GL and I have such a problem: I have subnet 10.0.0.0/16 Router has local ip 10.0.0.1 and external ip (e.g. 1.1.1.1) I forward some ports to my local hosts (e.g. firewal nat dst-nat 1.1.1.1:444 -> 10.0.0.2:80) When I go …

Read More
Mikrotik - Using 2 WAN connections with 2 Static IP addresses

I have 2 WAN lines that connect to the Internet: one connects on ether1 interface, the other connect on ether2 interface, using a Mikrotik router. ether3 connects to LAN. Each line has Valid IP (static IP) and connect with PPPoE connection: …

Read More
mikrotik: route all traffics of particular local ip to defined gateway

I am using Mirkotik RB 1100 v6.0rc11. I have such configuration for my network LAN ether1 192.168.0.0/24 ISP1 Ether6 PPPOE Connections Dynamic Public IP Address ISP2 Ether10 Static Public IP 111.111.111.111/25 I have masquerade Local ips ie 192.168.0.0/24 to ISP2. All local ips …

Read More