
General • In case of WAN1-LAN1 and WAN2-LAN2 connections, routing between LAN1 and LAN2

Routing between LAN1 and LAN2 in case of WAN1-LAN1 and WAN2-LAN2 connection

Hello!

I have a problem. I have the setup mentioned in the subject. Two modems, with two public dynamic IP addresses. The WAN1-LAN1 and WAN2-LAN2 connections are set up, so everything is fine now.
However, communication between LAN1 and LAN2 would also be needed; unfortunately, this cannot be solved. It is important that this works without mangle rules, because the fasttrack rule is needed for speed.
Router: RB3011
WAN1: SFP1
WAN2: Ether10

The configuration:
Code:
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge_main protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether10 ] poe-out=off
set [ find default-name=sfp1 ] auto-negotiation=no mac-address=XX:XX:XX:XX:XX:XX
/interface vlan
add interface=bridge_main name=vlan_private2 vlan-id=20
add interface=bridge_main name=vlan_private vlan-id=10
/interface list
add name=WAN
add name=VLAN
/ip pool
add name=private_pool ranges=192.168.10.20-192.168.10.254
add name=private2_pool ranges=192.168.20.20-192.168.20.50
/ip dhcp-server
add address-pool=private_pool authoritative=after-2sec-delay interface=vlan_private lease-time=1w3d name=dhcp_private
add address-pool=private2_pool authoritative=after-2sec-delay interface=vlan_private2 lease-time=1h name=dhcp_private2
/port
set 0 name=serial0
/routing table
add disabled=no fib name=WAN1
add disabled=no fib name=WAN2
/interface bridge port
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=10
add bridge=bridge_main frame-types=admit-only-vlan-tagged interface=ether2
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=10
add bridge=bridge_main frame-types=admit-only-untagged-and-priority-tagged interface=ether9 pvid=10
/interface bridge vlan
add bridge=bridge_main tagged=ether2 untagged=ether1,ether3,ether4,ether5,ether6,ether7,ether8,ether9 vlan-ids=10
add bridge=bridge_main tagged=ether2 vlan-ids=20
/interface list member
add interface=sfp1 list=WAN
add interface=vlan_private list=VLAN
add interface=vlan_private2 list=VLAN
/ip address
add address=192.168.10.1/24 interface=vlan_private network=192.168.10.0
add address=192.168.20.1/24 interface=vlan_private2 network=192.168.20.0
/ip cloud
set ddns-enabled=yes update-time=no
/ip dhcp-client
add add-default-route=no interface=sfp1
add add-default-route=no interface=ether10
/ip dhcp-server network
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4
/ip firewall filter
add action=accept chain=input comment="Allow Esteb & Related" connection-state=established,related
add action=accept chain=input comment="Allow VLAN" in-interface-list=VLAN
add action=accept chain=input comment="Allow vlan_private Full Access" in-interface=vlan_private
add action=drop chain=input comment=Drop
add action=fasttrack-connection chain=forward connection-state=established,related dst-address=192.168.10.0/24 hw-offload=yes
add action=fasttrack-connection chain=forward connection-state=established,related dst-address=192.168.20.0/24 hw-offload=yes
add action=accept chain=input comment=Private in-interface=!sfp1 src-address=192.168.10.0/24
add action=accept chain=input comment=Private2 in-interface=!ether10 src-address=192.168.20.0/24
add action=drop chain=input comment="Invalid packets drop" connection-state=invalid
add action=drop chain=forward comment="Invalid packets drop" connection-state=invalid
add action=add-src-to-address-list address-list=blacklist address-list-timeout=8w4d12h chain=input comment="Port scanners add to blacklist" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=blacklist address-list-timeout=2w1d chain=input dst-port=20-1023,8000,8080,8291 protocol=tcp src-address=!192.168.0.0/16
add action=add-src-to-address-list address-list=blacklist address-list-timeout=2w1d chain=input dst-port=20-122,124-499,501-1023,8000,8080,8291 protocol=udp src-address=!192.168.0.0/16
add action=drop chain=input comment="Blacklist packets drop" src-address-list=blacklist
add action=drop chain=forward comment="Blacklist packets drop" src-address-list=blacklist
add action=accept chain=output dst-port=1701 protocol=udp src-port=1701
add action=accept chain=output dst-port=500 protocol=udp src-port=500
add action=accept chain=forward comment="Allow Internet Traffic Private" out-interface=sfp1 src-address=ISP1
add action=accept chain=forward comment="Allow Internet Traffic Private2" out-interface=ether10 src-address=ISP2
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT_Private" out-interface=sfp1 src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="NAT_Private2" out-interface=ether10 src-address=192.168.20.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add dst-address=0.0.0.0/0 gateway=ISP2 routing-table=main
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 routing-table=WAN1 scope=30 suppress-hw-offload=no target-scope=10
add dst-address=0.0.0.0/0 gateway=ISP2 routing-table=WAN2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.10.0/24
set api-ssl disabled=yes
/routing rule
add action=lookup-only-in-table disabled=no interface=vlan_private src-address=192.168.10.0/24 table=WAN1
add action=lookup-only-in-table disabled=no interface=vlan_private2 src-address=192.168.20.0/24 table=WAN2
I tried adding an additional routing rule to the main board, but probably incorrectly: the internet went down on both networks if they could connect to each other.

Thanks in advance for your help!

Statistics: Posted by Alteran — Tue Mar 25, 2025 7:00 am
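
Added example, not part of the original post and not MikroTik code: a small Python model of how the two posted `/routing rule` entries pick a table for a LAN1-to-LAN2 packet. It assumes connected routes exist only in `main`, ignores the `interface=` match, and `LOCAL_FIRST` is a hypothetical extra rule that does not appear in the post.

```python
import ipaddress

# Route tables modelled on the posted export. Assumption: connected routes
# for the two VLAN subnets exist only in "main"; WAN1/WAN2 hold just a default.
TABLES = {
    "main": [("192.168.10.0/24", "vlan_private"),
             ("192.168.20.0/24", "vlan_private2"),
             ("0.0.0.0/0", "ISP1")],
    "WAN1": [("0.0.0.0/0", "ISP1")],
    "WAN2": [("0.0.0.0/0", "ISP2")],
}
# The two /routing rule entries from the post (interface= match omitted).
POSTED_RULES = [
    {"src": "192.168.10.0/24", "action": "lookup-only-in-table", "table": "WAN1"},
    {"src": "192.168.20.0/24", "action": "lookup-only-in-table", "table": "WAN2"},
]
# Hypothetical rule, not in the post: resolve private destinations in main.
LOCAL_FIRST = {"dst": "192.168.0.0/16", "action": "lookup", "table": "main"}


def longest_match(table, dst):
    """Return the gateway/interface of the most specific route, or None."""
    hits = [(ipaddress.ip_network(p), gw) for p, gw in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def resolve(rules, src, dst):
    """First matching rule picks the table; returns (table, next hop)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if "src" in rule and src not in ipaddress.ip_network(rule["src"]):
            continue
        if "dst" in rule and dst not in ipaddress.ip_network(rule["dst"]):
            continue
        hop = longest_match(rule["table"], dst)
        if hop is not None or rule["action"] == "lookup-only-in-table":
            return rule["table"], hop  # only-in-table never falls back
    return "main", longest_match("main", dst)


if __name__ == "__main__":
    pkt = ("192.168.10.50", "192.168.20.30")  # constructed LAN1 -> LAN2 packet
    print("as posted:  ", resolve(POSTED_RULES, *pkt))
    print("local first:", resolve([LOCAL_FIRST] + POSTED_RULES, *pkt))
```

The model covers route selection only; the firewall filter and NAT rules from the export are not evaluated.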


