I've created network segments with my MikroTik RB1100 including 3 client LANs, a phone LAN, a trusted network (servers, printers, etc.) and a DMZ. These are not VLANs per se as there is no tagging done; these are separate LANs on different physical ports on the RB1100.
Previously everything was on the same network (the trusted network) with the exception of the phones, which were previously a POTS. To increase security I decided to segment the network; however, I'm getting all sorts of weird issues now.
Some of the aforementioned issues are:
- Some users (not all) have issues accessing files on network drives
- Users experiencing issues printing to communal printers
- Sometimes users need to try to access network files multiple times before the file will open.
Has anyone seen this happen? There is no firewall (yet) between any client LANs and trusted LANs with the exception of Windows Firewall, though the profile for that shouldn't have changed.
Additional note:
- Client LANs are 10.0.10.0/24 - 10.0.12.0/24 (Configured eth 4-6)
- Trusted 10.0.0.0/24 (configured eth1 with eth2 and 3 as slaves)
- Phones - 10.1.0.0/24 (configured eth7 with 8,9,10 as slaves)
The routing table shows all as accessible, and users can access most of the files, but some are proving troublesome. Files on the Server 2008 box are easier to access than those on a Server 2003. I don't think it's a networking issue but rather a firewalling issue.
For anyone who may stumble upon this later, the issue was resolved by explicitly stating the Out interface on the srcnat Masquerade rule. See below.
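
An added example, not part of the original post: a Python check over a RouterOS `/ip firewall nat` export that flags srcnat masquerade rules with no `out-interface` or `out-interface-list`, the condition the fix above removes. A masquerade rule without an outgoing interface also matches LAN-to-LAN traffic and rewrites its source to the router's address. The export text is constructed, and `ether11` as the WAN port is an assumption, since the post does not name it.

```python
import shlex

# Constructed sample of `/ip firewall nat export` output (not from the original post).
# "ether11" as the WAN port is an assumption; the post does not name the WAN interface.
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=input connection-state=established
/ip firewall nat
add action=masquerade chain=srcnat comment="before: matches every routed packet"
add action=masquerade chain=srcnat comment="after: WAN only" \
    out-interface=ether11
add action=dst-nat chain=dstnat dst-port=443 protocol=tcp to-addresses=10.0.0.5
'''

# Matchers that tie a rule to an outgoing interface (assumed sufficient scoping here).
SCOPING_KEYS = ("out-interface", "out-interface-list")


def parse_nat_rules(export_text):
    """Return one dict of key=value pairs per `add` line under /ip firewall nat."""
    # RouterOS wraps long export lines with a trailing backslash; join them first.
    text = export_text.replace("\\\r\n", "").replace("\\\n", "")
    rules, in_nat = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_nat = (line == "/ip firewall nat")
        elif in_nat and line.startswith("add "):
            rule = {}
            for token in shlex.split(line)[1:]:  # shlex keeps quoted comments whole
                key, _, value = token.partition("=")
                rule[key] = value
            rules.append(rule)
    return rules


def unscoped_masquerade(rules):
    """Enabled srcnat masquerade rules that name no outgoing interface or list."""
    return [r for r in rules
            if r.get("action") == "masquerade"
            and r.get("chain") == "srcnat"
            and r.get("disabled") != "yes"
            and not any(k in r for k in SCOPING_KEYS)]


if __name__ == "__main__":
    for r in unscoped_masquerade(parse_nat_rules(SAMPLE_EXPORT)):
        print("unscoped masquerade:", r.get("comment", "(no comment)"))
```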