On further expansion i have to split down my internal network with multiple VLAN’s and multiple wired connections in this video i will give you an overview how these are deployed you can see that’s the device ‘A’ which is my WAN provider and ‘C’ is my MikroTik CRS-305 it’s a 10 gigabyte switch there so basically i need internet access on my MikroTik device then on the VM1 and VM2 also I have to break down the VM networks on the freeness system that is ‘B’ to 192.168.14.100 and 15.100 you can see the details there so before moving to all the configurations there i just wanted to confirm that MikroTik already configured with dhcp and you can see there is vlan 40 and 50 this exists there and if you go to that dhcp server configuration you can see there is two dhcp configuration that is available here and the interface is using vlan 50 and 40.
I have open the vnc connection you can see this is in the vlan 50 the second machine is in vlan 40 so you can see that if i’m pinging to the external dns service you can see this is not reaching from this network also not reachable from this vlan and if i’m going to MikroTik and tools there’s a lot of tools actually integrated with the MikroTik device, so that will be very helpful so if i’m pinging you can see there is no route to host because the packet is actually leaving from here need to be go tot he WAN through this internet link so currently there is multiple connections this device does not know where to send the packet that not in their network so i will create a default route right away that is in ip — routes and these are the automatically added when you create the interface configuration in the route i will add destination addresses 0.0.0.0/0 and gateway that will be 192.168.
18.1 and nothing else need to be done you can go to the tools again to verify see no road to host that is changed that’s the time to leave and reply size everything is working as you can see this communication is working i am going to add nat rules for my vlan 40 and 50 to reach internet you can see as here VM1 and VM2 you that need to be reached this WAN through the MikroTik device only.
You have to create nat rules that network address translation that need to be done here so you can do that by simply going to the firewall nat — add this is a source nat source address that will be 192.168.40.
0/24 everything coming from this source in the action you need to sorucenat to address that is 192.168.18.6 that is the interface ip of MikroTik device. added that okay so that’s there and let’s see oh sorry this is a 50 network it won’t work like that let’s see here yeah it started communicating with the internet by the way after adding this nat rule i will add one more nat there that will be 192.
168.50.0/24 and again sourcenat to address 192.168.18.
6 so whatever the packet is sending from the VM’s that will be network address translated when it leave the MikroTik device it will be leaving as 192.168.18.6 only so i’m creating another rule here also this is the VM1 so you can see this is started to responding these are very basic settings that need to be done and another one important thing i would like to add there is one filter rule i don’t want to access MikroTik device from any other network except 88.1 so for that i can use this filter rule right away so you can see this is 192.
168.1 and this management interface is loaded if i’m going to do 192.168.18.6 you can see it will also load from here, you can create one firewall rule, simple filter rule like source address will be 192.
168.18.0/24 and you can specify in interface as SFP one and again just mark to drop here so let’s see yeah it is pinging to this one.
pinging to the MikroTik device i will create a DROP whatever coming from 192.168.
18.0 to this particular device to DROP click ok so you can see it is started to request timeout so this is working and you can see this is also not loading further to the microtech will be blocked and no other traffic will be harmed because of that so i will check again this internet is working right here what’s the internet is working here so i have mentioned the basic routing and firewall rules that can be helpful to configure this MikroTik device you can experiment also with other vendor device the concept are basically same thanks for watching i hope this is informative for you.