2nd WAN issue, unable to ping internet from Mikrotik itself

blackzero · September 12, 2019, 1:47am

My configs are as follow:

1st WAN (Port No 1): Dedicated ISP Line → port 1 mikrotik → switch → LAN. All works fine.
2nd WAN (Port No 3): Modem Mifi → to Mikrotik through port 3 (RJ45 interface modem)-> Switch → LAN.
modem can ping internet, Mikrotik can ping modem, modem can ping Mikrotik but Mikrotik can’t ping internet through this modem.

LAN is Port no 2. I removed inactive ports because it’s irrelevant in /interface print detail

Config export:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                           
 0   192.168.10.2/24    192.168.10.0    DLINK                                                                                                                               
 1   112.xx.xx.3/27    112.xx.xx.0    internet                                                                                                                            
 2   112.xx.xx.4/27    112.xx.xx.0    internet                                                                                                                            
 3   112.xx.xx.5/27    112.xx.xx.0    internet                                                                                                                            
 4   112.xx.xx.6/27    112.xx.xx.0    internet                                                                                                                            
 5   192.168.11.20/24   192.168.11.0    LAN                                                                                                                                 
 6   192.168.12.20/24   192.168.12.0    LAN


/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="DLINK" default-name="ether3" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=74:4D:28:1A:7B:E2 
       last-link-down-time=sep/12/2019 08:38:53 last-link-up-time=sep/12/2019 08:38:57 link-downs=3 
 1  R  name="LAN" default-name="ether2" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=74:4D:28:1A:7B:E1 last-link-up-time=sep/11/2019 13:44:54 
       link-downs=0 
12  R  name="internet" default-name="ether1" type="ether" mtu=1500 actual-mtu=1500 l2mtu=1592 max-l2mtu=9578 mac-address=74:4D:28:1A:7B:E0

/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=internet gateway-status=internet reachable distance=1 scope=30 target-scope=10 
 1 A S  dst-address=0.0.0.0/0 gateway=192.168.10.1 gateway-status=192.168.10.1 reachable via  DLINK distance=2 scope=30 target-scope=10 
 2 ADC  dst-address=112.xx.xx.0/27 pref-src=112.xx.xx.3 gateway=internet gateway-status=internet reachable distance=0 scope=10 
 3 ADC  dst-address=192.168.10.0/24 pref-src=192.168.10.2 gateway=DLINK gateway-status=DLINK reachable distance=0 scope=10 
 4 ADC  dst-address=192.168.11.0/24 pref-src=192.168.11.20 gateway=LAN gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=192.168.12.0/24 pref-src=192.168.12.20 gateway=LAN gateway-status=LAN reachable distance=0 scope=10

Is there anything wrong with my setup? Originally I wanted to do failover but seeing I can’t even ping I don’t proceed.

mkx · September 12, 2019, 5:09am

How did you try to ping internet via secondary modem? If by using /ping, you might have to set src-address with IP correct for interface DLINK. I’ve had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back.

Other than that, if you connect some PC directly to D-Link modem, does that PC have working internet connection?

blackzero · September 12, 2019, 7:27am

~~[quote=mkx post_id=749721 time=1568264986 user_id=87277]~~
How did you try to ping internet via secondary modem? If by using /ping, you might have to set src-address with IP correct for interface DLINK. I’ve had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back.

Other than that, if you connect some PC directly to D-Link modem, does that PC have working internet connection?
[/quote]

I am using /tools ping (winbox) and specify the Interface specifically through DLINK. Here’s the screenshot https://imgur.com/a/CoWqQrQ

When I connect my laptop via ethernet card to that DLINK, it automatically assigns IP Address for my laptop and I can browse just fine. Internet works fine on DLINK, just not through Mikrotik.

~~[quote=Elsie541 post_id=749716 time=1568263611 user_id=148055]~~
Why last two(5 and 6) have same IP address?
[/quote]

Those two aren’t the same I think? It’s for VLAN.

Anumrak · September 12, 2019, 1:38pm

Does the address of router is up to NAT rules?

mkx · September 12, 2019, 2:39pm

I think you should post full configuration. Fetch it executing command /export hide-sensitive and redact public IP addresses …

blackzero · September 13, 2019, 2:54am

I think I found the issue.

/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 0 A S  dst-address=0.0.0.0/0 gateway=internet gateway-status=internet reachable distance=1 scope=30 target-scope=10 
 1 A S  dst-address=0.0.0.0/0 gateway=192.168.10.1 gateway-status=192.168.10.1 reachable via  DLINK distance=2 scope=30 target-scope=10 
 2 ADC  dst-address=112.xx.xx.0/27 pref-src=112.xx.xx.3 gateway=internet gateway-status=internet reachable distance=0 scope=10 
 3 ADC  dst-address=192.168.10.0/24 pref-src=192.168.10.2 gateway=DLINK gateway-status=DLINK reachable distance=0 scope=10 
 4 ADC  dst-address=192.168.11.0/24 pref-src=192.168.11.20 gateway=LAN gateway-status=LAN reachable distance=0 scope=10 
 5 ADC  dst-address=192.168.12.0/24 pref-src=192.168.12.20 gateway=LAN gateway-status=LAN reachable distance=0 scope=10

#0 and #1 can’t be active together. Mikrotik rejects to connect through DLINK since 0 is a shorter distance than 1.

To test this, I specifically added new route to 1.1 for Internet and 8.8.8.8 for DLINK and now my LAN can ping both through its own special route. I also tested both with tracert from Windows box on LAN and I can confirm the each went through the different interface.

Here’s the new route.

/ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          internet                  1
 1   S  0.0.0.0/0                          192.168.10.1              2
 2 A S  1.0.0.1/32                         192.168.10.1              2
 3 A S  8.8.8.8/32                         internet                  1
 4 ADC  112.xx.xx.0/27    112.xx.xx.3    internet                  0
 5 ADC  192.168.10.0/24    192.168.10.2    DLINK                     0
 6 ADC  192.168.11.0/24    192.168.11.20   LAN                       0
 7 ADC  192.168.12.0/24    192.168.12.20   LAN                       0

Hopefully someone else stumbling to this topic will benefit from this write up.