Hi guys
I have a strange issue. We have recently been assigned a public IP /22 for our company, so the BGP route is running, all set up with the default BGP route, and we have peers working already.
So we have created the filter rule to accept everything inside our /22 block.
On the second MikroTik device we have the following scenario:
We have set up 2 servers on 2 different specific MikroTik interfaces with their corresponding /29 blocks.
Example description:
WAN SFP+1 public IP 10.156.156.2, gateway default route 0.0.0.0/0 to gateway 10.156.156.1 (which is sitting on the main MikroTik device with block /22 and BGP)
We have also created the correct filter rules to accept the IPv4 public /22 block on the second MikroTik device, on top of any other firewall rule from the second MikroTik.
Now on the second MikroTik, the following IPs as an example:
LAN1 IP block 10.156.156.26/29
Network: 10.156.156.24
Gateway: 10.156.156.25
Server1 IP: 10.156.156.26
netmask: 255.255.255.248
From Server 1 I can browse the internet just fine and ping anywhere outside on the internet.
LAN2 interface IP block: 10.156.156.126/29
Network 10.156.156.124
Gateway 10.156.156.125
Server 2 IP 10.156.156.126
Netmask 255.255.255.248
Again, Server 2 can browse the internet just fine and can ping anywhere outside on the internet…
From LAN1 IP 10.1.10.26 I can only ping the LAN2 gateway 10.1.10.125.
From LAN2 IP 10.1.10.126 I can only ping the LAN1 gateway 10.1.10.25.
I cannot ping directly from the Server 1 IP to the Server 2 IP and vice versa.
On LAN3 we have an internal LAN IP block /24, 192.168.100.0/24, with masquerade enabled on ether LAN3, and from a LAN3 internal private IP I can ping anywhere, both gateways of both LAN1 and LAN2, and I can also ping the IPs of Server 1 and Server 2…
Because LAN1 and LAN2 are on public IPs, and I have the firewall rule Accept, I should not need to masquerade the interfaces, or should I?
Bear in mind these IPs are just an example, as we are using current IPv4 public IPs on WAN, LAN1 and LAN2.
Any ideas will be appreciated, as I am kind of lost on this one.
Update: I have enabled masquerade on both LAN1 and LAN2 interfaces and I had no success, just the same result.
On IP routes I have the first rule as
0.0.0.0/0 on gateway 10.156.156.1 from the first MKT, where the Internet link from the ISP backbone is the input link.