Hi Guys,

I've got a small problem, and I'm sure I'm overlooking something, but for the life of me I can't see where the problem lies.

I'm trying to ping a router (aka WAN) connected to my Mikrotik.

Huawei Router (192.168.8.1) <=> (192.168.8.2) Mikrotik Router (192.168.168.91)<=> LAN (192.168.168.80/28).

General connectivity is fine, and I do have a masquerade rule.

From the Mikrotik, I can ping the Huawei Router, but I can't ping the Huawei router from the LAN, which is very strange.


Routing Table:
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 X S 0.0.0.0/0 VPN-OVPN-kwagga... 1
1 A S 0.0.0.0/0 192.168.8.1 1
2 X S 0.0.0.0/0 192.168.1.1 1
3 X S 192.168.2.1/32 WAN 1
4 ADC 192.168.8.0/24 192.168.8.2 WAN 0
5 S 192.168.8.0/24 WAN 1 (Thought explicitly adding a static rule might help)
6 ADC 192.168.168.80/28 192.168.168.91 bridge-local 0
7 ADC 192.168.169.80/28 192.168.169.81 Bridge-USA 0

NAT Rule:
0 chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""

Addresses:
[kwagga@kwagganet] > ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 ;;; default configuration
192.168.168.91/28 192.168.168.80 bridge-local
1 X 192.168.1.2/24 192.168.1.0 WAN
2 192.168.169.81/28 192.168.169.80 Bridge-USA
3 192.168.8.2/24 192.168.8.0 WAN

I have checked my firewall rules, and nothing stands out, I've even completely disabled all the block rules.

Can anyone see something I'm missing. I've even checked the other sites, where the same setup is applied, and they work fine. I'm running ROS 6.29.1.