There are two independent networks, 192.168.10.0/24 and 192.168.20.0/24, each with its own workstations and servers.

I needed to join both networks with a gateway running RouterOS (Mikrotik RB2011). To do this, I added two bridges, net10 and net20, and each bridge is NATed out to the Internet. The difficulty is with the firewall configuration. I cannot configure it so that only the servers have access to the other network (for example, 192.168.10.10-15 should have access to 192.168.20.10-15, and vice versa), while the workstations are denied access to the other network.


    Did you accidentally bridge both networks into one broadcast domain?

    I think it’s necessary to work not with bridges, but with routing:

    1. Make a global network through NAT.
    2. Set the routing rule for 192.168.10.*
    3. Set the routing rule for 192.168.20.*
    4. In the firewall, in the FORWARD table, allow access from 192.168.10.10-192.168.10.15 to 192.168.20.10-192.168.20.15.
    5. In the same place, allow the return traffic: from 192.168.20.10-192.168.20.15 to 192.168.10.10-192.168.10.15.
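Steps 4 and 5 as they would be entered in the RouterOS CLI, added here as an illustration and not taken from the answer: it assumes the server ranges are kept in address lists (constructed names srv10 and srv20), puts a stateful established/related rule ahead of the explicit server-to-server rules, and ends with a drop between the two subnets so that the workstations are blocked while Internet-bound traffic is left alone.

```routeros
# Added example (not from the original answer). Server ranges go into address
# lists so the forward rules stay readable; the list names srv10/srv20 are assumed.
/ip firewall address-list
add list=srv10 address=192.168.10.10-192.168.10.15 comment="servers in net10"
add list=srv20 address=192.168.20.10-192.168.20.15 comment="servers in net20"

# Filter rules are evaluated top-down and the first match wins, so order matters.
/ip firewall filter
# 1. Replies of connections that were already accepted pass (stateful handling
#    of the "return traffic" from step 5).
add chain=forward connection-state=established,related action=accept comment="allow replies of accepted connections"
# 2. New server-to-server connections in both directions (steps 4 and 5).
add chain=forward src-address-list=srv10 dst-address-list=srv20 connection-state=new action=accept comment="net10 servers -> net20 servers"
add chain=forward src-address-list=srv20 dst-address-list=srv10 connection-state=new action=accept comment="net20 servers -> net10 servers"
# 3. Anything else between the two subnets (i.e. the workstations) is dropped.
#    Traffic to the Internet does not match these rules and continues down the chain.
add chain=forward src-address=192.168.10.0/24 dst-address=192.168.20.0/24 action=drop comment="block rest of net10 -> net20"
add chain=forward src-address=192.168.20.0/24 dst-address=192.168.10.0/24 action=drop comment="block rest of net20 -> net10"
```

Check the resulting order with `/ip firewall filter print`, then test one connection from a server and one from a workstation and confirm with `/ip firewall filter print stats` that the accept and drop counters move as expected.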