Windows – Windows Client Gateway on Other Subnet

hetzner, routing, windows

I have two subnets.

192.168.232.0/28
192.168.232.16/28

The cloud provider (Hetzner) gives me a gateway 192.168.232.17 for the subnet 192.168.232.16/28. I have a Windows client 192.168.232.19 in this subnet. I have a MikroTik/firewall/gateway on 192.168.232.2 in subnet 192.168.232.0/28.

If I use the default gateway 192.168.232.17 on 192.168.232.19, I can ping 192.168.232.2 and the other way around.

But I want 192.168.232.2 to be the default gateway.

I tried these routes on the windows client:

192.168.232.0/24 via 192.168.232.17
0.0.0.0/0 via 192.168.232.2

ROUTES

But it's not working. What am I missing?

Best Answer

A gateway can only be used when it is located in the same subnet as the sender. IP routing works by sending an IP packet to the gateway and the gateway forwarding it on.

On MAC-based networks like Ethernet that is done by addressing the encapsulating Ethernet frame to the gateway's MAC address. The MAC address is determined by an ARP request for the gateway IP address. ARP uses Ethernet broadcast to send the request to all nodes in the broadcast domain. Accordingly, a gateway MUST be located within the sender's broadcast domain.

Usually, the sender only attempts to ARP the gateway address when it is part of its own subnet. You could trick this part by forcing an address to be "on-link" (similar to what you've tried) but you can't trick the broadcast domain.

Forcing a gateway that your local gateway should use was initially an IP option called source routing. It didn't gain wide adoption and is today generally deprecated for severe security issues. The option is either ignored or the whole packet is dropped.

As mentioned in the comment: you need to use your local gateway or move the host to the other subnet.
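As an added illustration (not part of the question or the answer), the script below models the host interface and the two routes from the question and checks, for each route, whether its gateway lies inside the host's real subnet, which is what ARP needs; for an off-link gateway it also shows which entry of the host's own table would have to carry traffic to that gateway, making clear why the /24 "on-link" trick buys nothing. The interface prefix /28 and the route list are taken from the question; everything else is constructed.

```python
# Added example: sanity-check a route table against the sender's subnet.
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (destination prefix, gateway address)

# Host from the question: 192.168.232.19 in 192.168.232.16/28
HOST_IFACE = ipaddress.ip_interface("192.168.232.19/28")

# Route table the asker tried (constructed from the question text)
ROUTES: List[Route] = [
    ("192.168.232.0/24", "192.168.232.17"),
    ("0.0.0.0/0", "192.168.232.2"),
]


def gateway_on_link(iface: ipaddress.IPv4Interface, gateway: str) -> bool:
    """A gateway is usable only if it sits in the interface's own subnet,
    i.e. the same broadcast domain that ARP requests can reach."""
    return ipaddress.ip_address(gateway) in iface.network


def longest_match(routes: List[Route], addr: str) -> Optional[Route]:
    """Longest-prefix-match lookup over the route table for one address."""
    target = ipaddress.ip_address(addr)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for dest, gw in routes:
        net = ipaddress.ip_network(dest)
        if target in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else (str(best[0]), best[1])


def check_routes(iface: ipaddress.IPv4Interface,
                 routes: List[Route]) -> List[Tuple[str, str, bool, str]]:
    """Return (destination, gateway, usable, reason) for every route."""
    results = []
    for dest, gw in routes:
        if gateway_on_link(iface, gw):
            results.append((dest, gw, True, "gateway is on-link; ARP can resolve it"))
            continue
        via = longest_match(routes, gw)  # what the table says about reaching gw
        reason = (f"gateway is outside {iface.network}, so ARP cannot reach it; "
                  f"the table itself would forward it via {via[1] if via else 'nothing'}")
        results.append((dest, gw, False, reason))
    return results


if __name__ == "__main__":
    for dest, gw, ok, why in check_routes(HOST_IFACE, ROUTES):
        print(f"{dest:18} via {gw:16} {'OK ' if ok else 'BAD'} {why}")
```

Run as-is it flags the default route via 192.168.232.2 as unusable while accepting the /24 via 192.168.232.17, matching the answer's conclusion.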