Firewall – Routing between multiple Mikrotik Firewalls

Tags: firewall, mikrotik, networking, routing

I have 2 Mikrotik RouterBoards, an RB1100 and an RB951G. The 951G is acting as my wireless box, and has Guest, Internal and Internet Only wireless networks. The RB1100 has 3 WAN connections (2×150/10Mb cable modems and a 70/20Mb VDSL modem) and does load balancing, firewalling, etc., for the whole network.

The RB1100 is on network 192.168.0.0/24 and the 951 has 3 address ranges:

  • Guest -> 192.168.87.0/24
  • Internal -> 192.168.88.0/24
  • Internet Only -> 192.168.89.0/24

The idea is that Guest is firewalled big time (limited bandwidth, limited sites, etc.), which I have working with the help of the hotspot.

  • Internet Only should only be routed to the internet, possibly limiting some ports, and should not see anything on the 192.168.0.0/24 network.
  • Internal should have access to both the internet and also the 192.168.0.0/24 network, and anything on the 192.168.0.0/24 network should be able to see the 192.168.88.0/24 network also…

I had the Internet Only part working to an extent, but accidentally cleared my router config (doh), and I never managed to set up the Internal network correctly…

Currently I have NAT enabled, which allows me to see all machines on the 192.168.0.0/24 network from the 88.0/24 network, but 0.0/24 cannot see the 88.0/24 network…

I know I need to do something with routes, but even when I had that, something was not allowing me to see machines (a laptop on WiFi could not see a desktop on wired).

So, where am I going wrong?

Again, sorry I can't post the exact config… I lost it in a firewall-rule screw-up…

Best Answer

OK, thanks to DKNUKLES for his answer, but the problem was more a configuration problem on my end... I ended up adding 2 routing items to the routers, one on the 1100 and one on the 951. The 951 said to route all traffic (0.0.0.0/0) to the RB1100. The RB1100 had a route to point all 192.168.88.0/24 traffic to the IP of the 951. But still no joy...

The problem was my pre-routing. Since I have multiple WAN connections and since my pre-routing did round robin, all traffic on my network was being routed to one of the WAN ports if it was not for the 192.168.0.0/24 network. So, at the end of my pre-routing block, I added a rule: any traffic going to 192.168.88.0/24 with a connection-mark was cleared of its connection mark. This bypassed the load-balancing rules and allows the traffic to go to the correct area...

I realized it could be something like that when running traceroute. From one of the non-WiFi-connected machines to a WiFi-connected machine, I was being routed out to one of my modems... Anyway, all fixed... I can now get to machines from the 192.168.88.0 network and they can see machines in the 192.168.0.0 network. Happy days!
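The fix described in the answer, written out as RouterOS CLI for both boxes. This is an added example, not the poster's lost config: the addresses (RB1100 at 192.168.0.1, RB951G uplink at 192.168.0.2), interface names (bridge-lan, ether1) and the mark names (wan1_conn, to_wan1, ...) are assumptions standing in for the poster's real round-robin rules. The one detail the answer leaves implicit and that matters in practice: the rule that strips the connection mark has to sit before the mark-routing rules, otherwise the first packet of each flow is already carrying a routing mark and still leaves via a modem. A simpler alternative, shown commented out at the top of the mangle chain, is to accept 192.168.88.0/24 traffic before any load-balancing rule sees it.

```routeros
# Added example (not the original poster's config). Assumed addressing and names:
#   RB1100: LAN bridge "bridge-lan" = 192.168.0.1, three WAN uplinks
#   RB951G: ether1 = 192.168.0.2 (uplink to the RB1100), WiFi nets bridged locally
#   wan1_conn/wan2_conn/wan3_conn and to_wan1/2/3 are placeholder mark names

# ====================== RB951G (wireless router) ======================
# Anything the 951 cannot deliver to one of its own WiFi subnets goes to the 1100.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 comment="default via RB1100"

# Requirement from the question: Internet Only (192.168.89.0/24) must not see the
# wired LAN or the Internal WiFi network. Internal (192.168.88.0/24) is not dropped.
/ip firewall filter
add chain=forward src-address=192.168.89.0/24 dst-address=192.168.0.0/24 \
    action=drop comment="Internet Only must not reach the wired LAN"
add chain=forward src-address=192.168.89.0/24 dst-address=192.168.88.0/24 \
    action=drop comment="Internet Only must not reach Internal WiFi"

# Optional (assumption): masquerade only Guest and Internet Only toward the 1100, so
# Internal hosts keep their real 192.168.88.x address on the wired LAN. The 1100's
# route below provides the return path, so Internal needs no NAT here.
/ip firewall nat
add chain=srcnat src-address=192.168.87.0/24 out-interface=ether1 action=masquerade
add chain=srcnat src-address=192.168.89.0/24 out-interface=ether1 action=masquerade

# ====================== RB1100 (main firewall / load balancer) ======================
# Return path: 192.168.88.0/24 lives behind the 951.
/ip route
add dst-address=192.168.88.0/24 gateway=192.168.0.2 comment="Internal WiFi via RB951G"

/ip firewall mangle
# Cleaner alternative to the poster's fix: stop processing the chain for this subnet
# before any load-balancing rule runs (action=accept ends mangle processing).
# add chain=prerouting dst-address=192.168.88.0/24 action=accept \
#     comment="Internal WiFi lives behind the 951, never load-balance it"

# Sketch of the existing round robin: 1/3 of new LAN flows to each WAN (PCC).
add chain=prerouting in-interface=bridge-lan dst-address-type=!local \
    per-connection-classifier=both-addresses:3/0 action=mark-connection \
    new-connection-mark=wan1_conn passthrough=yes comment="LB: flows for WAN1"
add chain=prerouting in-interface=bridge-lan dst-address-type=!local \
    per-connection-classifier=both-addresses:3/1 action=mark-connection \
    new-connection-mark=wan2_conn passthrough=yes comment="LB: flows for WAN2"
add chain=prerouting in-interface=bridge-lan dst-address-type=!local \
    per-connection-classifier=both-addresses:3/2 action=mark-connection \
    new-connection-mark=wan3_conn passthrough=yes comment="LB: flows for WAN3"

# The poster's fix: 192.168.88.0/24 is a routed subnet, not "local", so the PCC rules
# above mark it. Strip the mark again here, BEFORE the mark-routing rules below, so
# those rules (which match on connection-mark) never steer it out a modem.
add chain=prerouting dst-address=192.168.88.0/24 action=mark-connection \
    new-connection-mark=no-mark passthrough=no \
    comment="Internal WiFi: clear LB mark, use the normal route to the 951"

# Routing marks chosen from the connection mark; routes with routing-mark=to_wanN
# (not shown) then send each flow out its modem.
add chain=prerouting in-interface=bridge-lan connection-mark=wan1_conn \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=wan2_conn \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no
add chain=prerouting in-interface=bridge-lan connection-mark=wan3_conn \
    action=mark-routing new-routing-mark=to_wan3 passthrough=no

# Check on the RB1100 after a wired host talks to a WiFi host: these connections
# should show no connection-mark at all.
# /ip firewall connection print where dst-address~"192.168.88"
```

To verify the same thing the poster did, run a traceroute from a wired 192.168.0.x host to a 192.168.88.x host: the hops should be the RB1100 and then the RB951G, with no modem in the path. The filter rules on the 951 must come before any general "accept forward" rule, or they never match.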