Please, help me about the following problem:
I Have 3 NICs on my PC with RouterOS as follow:
LAN1: 192.168.0.1(192.168.0.0/24)
LAN2: 192.168.1.1(192.168.1.0/24)
WAN: X.X.X.X (X.X.X.X.)
I can't ping from a host on LAN1 to LAN2.
I just can ping to 192.168.0.1 and 192.168.1.1 but not to another host in the Network
From the router i can succesfully ping to any Host in ahy LAN
I've no firewall rule...
Thanks
Re: Can't ping from LAN1 to LAN2
The most likely cause given what little information you have given is that you're dealing with Windows Vista or 7 hosts that have firewalls configured. The default network profile in those operating systems allows ICMP echo requests from the same network, but not from other networks. So pinging from the other LAN fails, pinging from the router works as by default it will pick the closest interface to the destination as a source, which the host would of course perceive as being on the same network. You can prove that by pinging hosts from the router and manually setting the source address to the IP address of the LAN interface the host is NOT behind. If that tests fails edit the host firewall policies and you should be good to go. You could also source NAT the two LANs but that's a very ugly solution.
Re: Can't ping from LAN1 to LAN2
Thanks For your suggestion...
Im new here...
This is the information i get:
Terminal vt102 detected, using multiline input mode
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; added by setup
address=190.120.X.X/30 network=190.120.X.X broadcast=190.120.X.X
interface=WAN actual-interface=WAN
1 address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255
interface=LAN_IGO actual-interface=LAN_IGO
2 address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255
interface=LAN_SM actual-interface=LAN_SM
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
0 ADC dst-address=190.120.X.X/30 pref-src=190.120.X.X interface=WAN
scope=10 target-scope=0
1 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 interface=LAN_IGO
scope=10 target-scope=0
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 interface=LAN_SM
scope=10 target-scope=0
3 A S ;;; added by setup
dst-address=0.0.0.0/0 gateway=190.120.X.X interface=WAN
gateway-state=reachable scope=255 target-scope=10
[admin@MikroTik] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R LAN_SM ether 0 0 1500
1 R WAN ether 0 0 1500
2 R LAN_IGO ether 0 0 1500
[admin@MikroTik] > /ip firewall export
/ ip firewall mangle
add chain=prerouting src-address-list=sm action=mark-connection \
new-connection-mark=sm_cnn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=sm_cnn action=mark-packet \
new-packet-mark=sm_traffic passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=LAN_IGO action=masquerade comment="" \
disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall address-list
add list=sm address=192.168.1.0/24 comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
Thanks
Im new here...
This is the information i get:
Terminal vt102 detected, using multiline input mode
[admin@MikroTik] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; added by setup
address=190.120.X.X/30 network=190.120.X.X broadcast=190.120.X.X
interface=WAN actual-interface=WAN
1 address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255
interface=LAN_IGO actual-interface=LAN_IGO
2 address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255
interface=LAN_SM actual-interface=LAN_SM
[admin@MikroTik] > /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
0 ADC dst-address=190.120.X.X/30 pref-src=190.120.X.X interface=WAN
scope=10 target-scope=0
1 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 interface=LAN_IGO
scope=10 target-scope=0
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 interface=LAN_SM
scope=10 target-scope=0
3 A S ;;; added by setup
dst-address=0.0.0.0/0 gateway=190.120.X.X interface=WAN
gateway-state=reachable scope=255 target-scope=10
[admin@MikroTik] > /interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R LAN_SM ether 0 0 1500
1 R WAN ether 0 0 1500
2 R LAN_IGO ether 0 0 1500
[admin@MikroTik] > /ip firewall export
/ ip firewall mangle
add chain=prerouting src-address-list=sm action=mark-connection \
new-connection-mark=sm_cnn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=sm_cnn action=mark-packet \
new-packet-mark=sm_traffic passthrough=no comment="" disabled=no
/ ip firewall nat
add chain=srcnat out-interface=LAN_IGO action=masquerade comment="" \
disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m \
tcp-syncookie=no
/ ip firewall address-list
add list=sm address=192.168.1.0/24 comment="" disabled=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
Thanks
You do not have the required permissions to view the files attached to this post.
Re: Can't ping from LAN1 to LAN2
How did the ping test sourced from the other LAN interface go?
Re: Can't ping from LAN1 to LAN2
I cant ping from LAN1 to LAN2
Neither LAN2 to LAN1
From LAN1 i can ping to 192.168.0.1 and 192.168.1.1
From LAN2 i can ping to 192.168.0.1 and 192.168.1.1 too..
i Dont Know if I have to add some route in the Router to bridge networks...
Thanks...
Neither LAN2 to LAN1
From LAN1 i can ping to 192.168.0.1 and 192.168.1.1
From LAN2 i can ping to 192.168.0.1 and 192.168.1.1 too..
i Dont Know if I have to add some route in the Router to bridge networks...
Thanks...
Re: Can't ping from LAN1 to LAN2
If you can ping both LAN interfaces then obviously routing is working. Also, bridging and routing are completely different things.
Disable all host firewalls, try again. Your host firewalls are blocking ping from all networks they aren't directly connected to.
Disable all host firewalls, try again. Your host firewalls are blocking ping from all networks they aren't directly connected to.
Re: Can't ping from LAN1 to LAN2
I think that is not the problem, im using a ubiqui NanoStation, with factory defaults(192.168.1.20).
and W7 firewall disabled(192.168.0.10)...
From the router i can ping each host on each LAN...
But from LAN just can ping to the router interfaces...
I dont know why network is unreachable if i can ping their gateway...
Thanks..
and W7 firewall disabled(192.168.0.10)...
From the router i can ping each host on each LAN...
But from LAN just can ping to the router interfaces...
I dont know why network is unreachable if i can ping their gateway...
Thanks..
Who is online
Users browsing this forum: bp0 and 40 guests