/ip firewall filter add chain=forward src-address=192.168.88.0/24 dst-address=192.168.1.0/24 action=accept comment="ALLOW 88->1"
/ip firewall filter add chain=forward src-address=192.168.1.0/24 dst-address=192.168.88.0/24 action=accept comment="ALLOW 1->88"
move both to the top:
/ip firewall filter move [find comment="ALLOW 88->1"] 0
/ip firewall filter move [find comment="ALLOW 1->88"] 0
Add return routes on three VyOS to 192.168.88.0/24 network
On your 192.168.1.x default gateway (three VyOS) Route 192.168.88.0/24 via 192.168.1.1
configure
set protocols static route 192.168.88.0/24 next-hop 192.168.1.1
commit
save
exitVerification:
show ip route 192.168.88.0/24
ping 192.168.88.2
traceroute 192.168.88.1NOTE:
- Check default route
ip -4 route show defaultIf default route is empty find gateway
show dhcp client leasesadd Add the missing default route and retest:
sudo ip route add default via 172.27.160.1 dev wlan0
ip route get 1.1.1.1Persistent fix (if you just want it working)
configure
set protocols static route 0.0.0.0/0 next-hop 172.27.160.1
commit; saveAdd route from MikroTik cAP ax IP: 192.168.88.1 to 192.168.1.0/24 network
On the 192.168.88.x gateway (MikroTik cAP ax IP: 192.168.88.1), add: Route 192.168.1.0/24 via 192.168.88.2 (the MikroTik) MikroTik cAP (CLI)
/ip route add dst-address=192.168.1.0/24 gateway=192.168.88.2 comment="to 192.168.1 via L009"Verify
/ip route print where dst-address=192.168.1.0/24
/ping 192.168.88.2
/ping 192.168.1.1MikroTik cAP (WinBox)
- IP → Routes → +
- Dst. Address: 192.168.1.0/24
- Gateway: 192.168.88.2
Apply/OK