Basic LAN to LAN

tyr76 · July 14, 2016, 3:31pm

Setup is

RB750Gr2, 5 independent ethernet ports, WAN1 - WAN2 (PCC load) , LAN3 10.10.10.1 (10.10.10.0/29) , LAN5 192.168.0.1 (192.168.0.0/24)
Default routes for each segment, each LAN is correctly natted outside.

ISSUE → I can’t ping from 10.10.10.3 to 192.168.0.100 (whereas i can from 10.10.10.3 to 192.168.0.1)
Last firewall rule is DROP ALL
Tried to implement a forward rule for LAN3 and LAN5 but no luck (rule is placed at the top of the FW list)

Any suggestion? I feel like i’m missing a stupid thing

Thanks

nickshore · July 14, 2016, 3:43pm

Have you check that the device on 192.168.0.100 has a default route of 192.168.0.1 ?

Also have you checked that your NAT rule has an out interface specified ?

tyr76 · July 14, 2016, 3:53pm

Hi Nick!
default route on 192.168.0.100 is 192.168.0.1
NAT is done at srcnat level, rules are just 2 (as 2 are the WAN)

chain=srcnat action=masquerade out-interface=pppoe1
chain=srcnat action=masquerade out-interface=pppoe2

traffic is mangled to route packets correctly (if a packet goes outside / comes from WAN1 is marked accordingly and further packets are sent from that interface)
But this is the part which works perfectly, no LAN to WAN issues, only LAN to LAN

k6ccc · July 14, 2016, 4:48pm

Check your routes table. There should be dynamic routes for each LAN port.

tyr76 · July 15, 2016, 6:32am

I’ve tried a traceroute (without name resolution) and found out the LANx to LANy packets are sent outwards
I fear these mangling rules are responsible

;;; PCC load balance
chain=prerouting action=mark-connection new-connection-mark=wanA_conn passthrough=yes dst-address-type=!local in-interface=LAN5
per-connection-classifier=both-addresses-and-ports:2/1 log=no log-prefix=“”

Where does RouterOS set which addresses are local and which are not?