I have a simple router config problem that is giving me grief, can’t seem to solve it. Running 6.0rc6 on all routers (maybe THAT’s the problem!)
I have two Routers: A and B. (A) uplinks to the internet (eg: eth1, 1.1.1.2/31, gw: 1.1.1.1), and has a private net (10.20.1.1/24) on eth2. Eth2 links to router (B).
On Router (B) I have three interfaces:
eth1 (10.20.1.2/24) which links back to router (A).
eth2 (10.21.1.1/24)
eth3 (10.22.1.1/24)
I have devices on the eth2 and eth3 segments (10.21.1.10 and 10.22.1.10, and some DHCP clients, etc).
dst-address 10.22.1.0/24: gateway 10.20.1.2 (reachable)
Also, I have a default route of 0.0.0.0/0 on Router (B) to send back up to Router (A) at 10.20.1.1 (reachable), and the same on Router (A) to 1.1.1.1.
From router (A), I can ping the devices on eth2 and eth3 fine (10.21.1.10 and 10.22.1.10), and those devices can ping anything, including the internet just fine.
Problem: I cannot ping the gateway addresses on eth2/eth3 on Router (B) 10.21.1.1, or 10.22.1.1 from Router (A) (which means anything upstream from router A as well cannot ping these addresses).
When I attempt a ping from Router A (Mikrotik) to GW on Router B eth2 or eth3, (10.21.1.1 or 10.22.1.1) I get a bunch of “redirect host” replies and TTL timeouts. ???
Other weird observations: When I ping the gateway from the router that owns that gateway (eg, pinging 10.21.1.1 from router (B) ping tool), it replies but the reply times are 2-8ms – which makes no sense since it’s ON THE SAME ROUTER, should be ~0ms. All devices can get out to the internet. And all non-router devices can ping all other non-router devices. I just can’t ping the router gateway ip addresses on Router (B) on eth2 or eth3. I can ping the gateway addresses on Router (A) just fine (10.20.1.1 and 1.1.1.2) from anywhere.
10.20.1.20 is a wireless radio (UBNT Rocket) that is physically connected to ether2 on Router (B). It is pingable from both Routers. It’s responsible for one end of the link between the routers. On the Router (A) side, there is another corresponding radio device at 10.20.1.13 connected to ether6.
On Router (A), I went ip->arp and printed the ARP table. I deleted (from the list here) entries that are not in the 10.x subnet. I don’t see any 10.21.x.x or 10.22.x.x in the ARP table. I do see 10.20.1.20 in there, and those pings would pass through that device, but that’s not the target’s MAC address.
[admin@RouterA] /ip arp> p
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
ADDRESS MAC-ADDRESS INTERFACE
5 D 10.20.1.13 00:27:22:8A:A1:ED ether1-priv
7 D 10.20.1.20 00:27:22:8A:A7:2C ether1-priv
8 D 10.20.1.50 00:27:22:DE:87:EA ether1-priv
9 D 10.20.1.10 DC:9F:DB:14:9A:76 ether1-priv
17 D 10.20.1.195 00:27:22:DE:87:EA ether1-priv
18 D 10.20.1.2 00:27:22:8A:A7:2C ether1-priv
Do I need to be looking in the IP / Neighbor list?
If you look at those ARP entries the problem seems to be that the same MAC address is showing for 10.20.1.20 and 10.20.1.2 even though 10.20.1.2 is assigned to router B.
I suspect this is being caused by something in the configuration of the radio devices. The ping request to is probably being circled around until the TTL expires.
Ah ha. You just helped me solve this. Thanks very much!
Here’s the rest of the story:
The :2C MAC is the radio (Ubiquiti Rocket M5) on the receiving radio (connected to Router B), and is responsible for all traffic to Router B. I’m using a Ubiquiti Radio and it has what is called a “WDS Transparency mode” that is disabled by default. This mode does what (I now know) is called ARP NAT – it presents itself on behalf of all other MAC addresses on the other side of the network. I don’t know why this would be disabled by default, it should be enabled, but whatever. I turned WDS on and those ARP entries are now reflected on Router A and everything pings now as it should.
What I still don’t understand (but doesn’t block me) is: How could it still ping other devices through Router B? Curious, but I’m up and running.
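
The check that solved this thread (one MAC address answering for several IPs in Router A's ARP table), as an added example that is not part of the original posts: a Python parser for `/ip arp print` output that groups entries by interface and MAC. The sample text is the ARP table posted above; the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# ARP table as posted in the thread (RouterOS "/ip arp print" output).
SAMPLE = """\
Flags: X - disabled, I - invalid, H - DHCP, D - dynamic
ADDRESS MAC-ADDRESS INTERFACE
5 D 10.20.1.13 00:27:22:8A:A1:ED ether1-priv
7 D 10.20.1.20 00:27:22:8A:A7:2C ether1-priv
8 D 10.20.1.50 00:27:22:DE:87:EA ether1-priv
9 D 10.20.1.10 DC:9F:DB:14:9A:76 ether1-priv
17 D 10.20.1.195 00:27:22:DE:87:EA ether1-priv
18 D 10.20.1.2 00:27:22:8A:A7:2C ether1-priv
"""

# Row layout: index, optional flag letters, IPv4 address, MAC address, interface.
ROW = re.compile(
    r"^\s*(\d+)\s+(?:([A-Z]+)\s+)?"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s*$"
)

def parse_arp(text):
    """Return (ip, mac, interface) for each usable row; headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or set(m.group(2) or "") & {"X", "I"}:
            continue  # not an entry, or flagged disabled/invalid
        rows.append((m.group(3), m.group(4).upper(), m.group(5)))
    return rows

def shared_macs(rows):
    """Map (interface, mac) -> IPs, for every MAC that answers for more than one IP."""
    seen = defaultdict(set)
    for ip, mac, iface in rows:
        seen[(iface, mac)].add(ip)
    return {key: sorted(ips, key=ipaddress.ip_address)
            for key, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    for (iface, mac), ips in shared_macs(parse_arp(SAMPLE)).items():
        print(f"{mac} on {iface} answers for {', '.join(ips)}")
```

On the posted table this reports two groups: the radio's :2C MAC answering for 10.20.1.2 and 10.20.1.20, and :EA answering for 10.20.1.50 and 10.20.1.195. A shared MAC is also normal for a device that holds several addresses, so each hit has to be compared against what is actually connected to that segment.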