Cannot ping my RADIUS server

Hi,

I’m following this tutorial:

http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona


But … I can’t ping my RADIUS server. It’s strange, because I have these NAT rules:

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=masquerade 

 1   ;;; masquerade hotspot network
     chain=srcnat src-address=10.59.1.0/24 action=masquerade 

 2   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.1.0/24 action=masquerade 

 3   ;;; masquerade hotspot network
     chain=srcnat src-address=172.27.0.0/16 action=masquerade 

 4 X ;;; masquerade hotspot network
     chain=srcnat src-address=10.59.1.0/24 action=masquerade 

 5 X ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.1.0/24 action=masquerade

And I’m trying to ping 192.168.1.70 (RADIUS).

This IP is alive, because I’m connecting to it over SSH from my admin PC.

Any idea?

Thanks a lot.

Hmm, this is not quite the right way to do masquerading. I would at least add an outgoing interface to each NAT rule, but since these are all private networks, I would rather do routing instead of NAT-ing. How many network cards do you have in this machine?

I have 3 network cards.

How could it be?

Thanks.

Please provide a drawing or more information. I need to know the interface names, the IP addresses on your three interfaces and what networks are behind them.

Solusan

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

1 ;;; masquerade hotspot network
chain=srcnat src-address=10.59.1.0/24 action=masquerade

2 ;;; masquerade hotspot network
chain=srcnat src-address=192.168.1.0/24 action=masquerade

3 ;;; masquerade hotspot network
chain=srcnat src-address=172.27.0.0/16 action=masquerade

4 X ;;; masquerade hotspot network
chain=srcnat src-address=10.59.1.0/24 action=masquerade

5 X ;;; masquerade hotspot network
chain=srcnat src-address=192.168.1.0/24 action=masquerade

Better to add a single NAT rule, putting all these classes in a single address list. Then define your RADIUS IP in a NOT src address so that its traffic goes without NAT.

Another good scenario is to keep your servers on a separate interface with a separate IP class… that will be good for security purposes too.


Asad
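
The two replies' points about the posted NAT table (no outgoing interface on any rule, and traffic that should not be NAT-ed still being masqueraded) can be checked mechanically. The following is an added example, not part of any post in the thread: it parses the table from the first post and, relying on srcnat rules being evaluated top-down with the first match applied, reports which rule masquerades a given source address and which rules lack `out-interface` or are shadowed. The function names are hypothetical, and negated (`!`) matchers are not handled.

```python
import ipaddress
import re

# NAT table as printed in the first post (the "Flags:" header line is omitted).
NAT_PRINT = """
 0   chain=srcnat action=masquerade
 1   ;;; masquerade hotspot network
     chain=srcnat src-address=10.59.1.0/24 action=masquerade
 2   ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.1.0/24 action=masquerade
 3   ;;; masquerade hotspot network
     chain=srcnat src-address=172.27.0.0/16 action=masquerade
 4 X ;;; masquerade hotspot network
     chain=srcnat src-address=10.59.1.0/24 action=masquerade
 5 X ;;; masquerade hotspot network
     chain=srcnat src-address=192.168.1.0/24 action=masquerade
"""

def parse_rules(text):
    """Turn `ip firewall nat print` output into a list of rule dicts."""
    rules = []
    for line in text.splitlines():
        head = re.match(r"\s*(\d+)\s+((?:[XID]\s+)*)(.*)", line)
        if head:  # a new rule starts with its number and optional flags
            rules.append({"id": int(head.group(1)), "disabled": "X" in head.group(2)})
            line = head.group(3)
        if not rules or line.lstrip().startswith(";;;"):
            continue  # skip text before the first rule and comment lines
        rules[-1].update(re.findall(r"(\S+?)=(\S+)", line))
    return rules

def source_net(rule):
    # A rule without src-address matches every source address.
    return ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"))

def first_match(rules, src_ip):
    """Id of the first enabled srcnat rule matching src_ip, or None."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if not r["disabled"] and r.get("chain") == "srcnat" and ip in source_net(r):
            return r["id"]
    return None

def audit(rules):
    """List (rule id, finding) pairs for the enabled rules."""
    findings, seen = [], []
    for r in (r for r in rules if not r["disabled"]):
        if "out-interface" not in r:
            findings.append((r["id"], "no out-interface: masquerades on every interface"))
        if any(source_net(r).subnet_of(s) for s in seen):
            findings.append((r["id"], "shadowed by an earlier, broader rule"))
        seen.append(source_net(r))
    return findings
```

On the posted table, `first_match(parse_rules(NAT_PRINT), "192.168.1.70")` returns 0: the unconditional rule 0 is the one applied to the RADIUS server's address, and rules 1 to 3 are never reached.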