Hi,
I have a strange NAT issue that I am trying to solve and will appreciate any help or guidance you can provide.
I have an external network where my routers are connected. It is on the 10.0.0.0/24 subnet with IPs of 10.0.0.138 & 10.0.0.254. On my MikroTik router I have the address 10.0.0.199, as you can see:
5 ;;; External
address=10.0.0.199/24 network=10.0.0.0 interface=bridge1
actual-interface=bridge1
I am able to ping from the mikrotik itself to the two routers:
[admin@rtr-mt-main] > ping 10.0.0.138
SEQ HOST SIZE TTL TIME STATUS
0 10.0.0.138 56 64 0ms
1 10.0.0.138 56 64 0ms
2 10.0.0.138 56 64 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@rtr-mt-main] > ping 10.0.0.254
SEQ HOST SIZE TTL TIME STATUS
0 10.0.0.254 56 64 6ms
1 10.0.0.254 56 64 2ms
2 10.0.0.254 56 64 2ms
3 10.0.0.254 56 64 2ms
sent=4 received=4 packet-loss=0% min-rtt=2ms avg-rtt=3ms max-rtt=6ms
The routing is working fine and I am able to connect to the internet from all devices in my network through both routers. I have two routes with different AD numbers to allow redundancy.
You can see the output of tracert from my home machine going out from both routers:
tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 <1 ms <1 ms <1 ms 10.0.0.138
3 10 ms 19 ms 19 ms 215.180.37.1
4 13 ms 13 ms 15 ms 10.250.0.162
5 10 ms 9 ms 10 ms 212.25.77.2
6 10 ms 10 ms 9 ms 10.90.99.9
7 48 ms 48 ms 48 ms 74.125.51.88
8 48 ms 48 ms 48 ms 74.125.244.209
^C
tracert -d 9.9.9.9
Tracing route to 9.9.9.9 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 3 ms 3 ms 3 ms 10.0.0.254
3 75 ms 54 ms 42 ms 10.21.30.179
4 199 ms 64 ms 39 ms 10.21.30.161
5 46 ms 59 ms 37 ms 10.21.111.11
^C
The issue is, I am unable to connect to the two routers directly from my network:
ping 10.0.0.138
Pinging 10.0.0.138 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.138:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
tracert -d 10.0.0.138
Tracing route to 10.0.0.138 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C
(192.168.2.254 is one of the MikroTik IPs)
I checked the firewall rules and NAT rules, but I don't see anything that would block me from accessing the two routers:
[admin@rtr-mt-main] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 ;;; Access from home computer to external bridge
chain=forward action=accept src-address=192.168.2.191
dst-address=10.0.0.0/24 log=no log-prefix=""
[admin@rtr-mt-main] > ip firewall nat print
....
6 ;;; NAT to External network
chain=srcnat action=src-nat to-addresses=10.0.0.199
out-interface=bridge1 log=no
I have no idea what could be the problem or what more I can check. It used to work, but for some reason it stopped. I am not sure when, and I tried reverting the configuration to an old backup, but it did not help. Since all traffic is working as it should, I only notice this issue when trying to access the external routers directly to change configuration, and it only happens once in a blue moon, so no idea what was changed.
Please, any help will be appreciated.
Also - this is my second posting as the last one was probably rejected (hoping this will not happen again)
Thanks.