Can't ping through bridge

twoopi · March 4, 2014, 5:28am

I’m still kinda new to all this, but I’ve had bridges working before.

I’ve set up a CRS125 for a friend, using PCC to share the internet connections.

The internet connections are working flawlessly, and the friend is really happy with that side of things, but for some reason I can’t ping between the bridges, or even between computers on the same bridge. I’m really not sure what’s going on, it might be something really simple, but I’m not too experienced with all this.

The way its set up is as follows

/ip address

add address=192.168.0.3/27 comment="Daniel PC" interface=bridge2 network=192.168.0.0
add address=192.168.0.130/25 comment="Ports 7-24 + wifi" interface=bridge1 network=\
    192.168.0.128

/ip firewall nat

add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2

/ip firewall mangle

add action=mark-connection chain=input in-interface=ISP1 new-connection-mark=\
    In_ISP1
add action=mark-connection chain=input in-interface=ISP2 new-connection-mark=\
    In_ISP2
add action=mark-routing chain=output connection-mark=In_ISP1 new-routing-mark=\
    Out_ISP1
add action=mark-routing chain=output connection-mark=In_ISP2 new-routing-mark=Out_ISP2
add action=mark-connection chain=prerouting dst-address=!192.168.0.0/24 in-interface=\
    bridge2 new-connection-mark=In_ISP1 per-connection-classifier=\
    both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address=!192.168.0.0/24 in-interface=\
    bridge2 new-connection-mark=In_ISP2 per-connection-classifier=\
    both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=In_ISP1 in-interface=\
    bridge2 new-routing-mark=Out_ISP1
add action=mark-routing chain=prerouting connection-mark=In_ISP2 in-interface=bridge2 \
    new-routing-mark=Out_ISP2
add action=mark-connection chain=prerouting dst-address=!192.168.0.0/24 in-interface=\
    bridge1 new-connection-mark=In_b1
add action=mark-routing chain=prerouting connection-mark=In_b1 in-interface=bridge1 \
    new-routing-mark=Out_b1

Although even when I disabled all the mangle rules, I still can’t ping between computers on the same bridge.

jaykay2342 · March 4, 2014, 8:12pm

any filter rules in place? check also filter for the bridgedtraffic ( /interface bridge filter )

efaden · March 4, 2014, 9:13pm

Post your full export.

Sent from my SCH-I545 using Tapatalk

twoopi · March 5, 2014, 7:34am

The setup is a little messy, he’s tried to mess around to fix it too, but no luck.

There’s no filter rules set.
export.rsc (8.9 KB)

efaden · March 5, 2014, 12:27pm

I’ll read it tonight when I get a chance.

twoopi · March 6, 2014, 11:42am

Did you get any chance to check it?

Thanks in advance.

efaden · March 6, 2014, 5:13pm

Not fully. But I’m wondering if you aren’t routing marking too much… e.g. the pings.

twoopi · March 7, 2014, 4:26am

The local traffic isn’t getting marked, all marks exclude 192.168.0.0/16 for the dst

SurferTim · March 7, 2014, 11:59am

A couple things you might check. The default settings for the CRS125 show that all ports are switched. I do not see in your export where you removed them from the switch. You might want to check that in “/interface ethernet”.

This also concerns me. The netmask entries are not the same in the “/ip address” and the “/ip dhcp-server network” entries.

/ip address
add address=192.168.0.3/27 comment=“Daniel PC” interface=bridge2 network=
192.168.0.0
add address=192.168.0.130/25 comment=“Ports 7-24 + wifi” interface=bridge1
network=192.168.0.128
add address=192.168.0.33/27 comment=Cathy interface=ether4 network=
192.168.0.32
add address=192.168.0.66/27 comment=Erwin interface=ether3 network=
192.168.0.64

/ip dhcp-server network
add address=192.168.0.0/25 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.3
add address=192.168.0.32/27 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.33
add address=192.168.0.128/25 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.130

Just a thought…

twoopi · March 7, 2014, 1:01pm

Hmm, yeah they’re all set to switched and can’t be disabled. Is there any way to turn off the switching and just use a regular bridge? As I said, I’m kind of new to all this, and haven’t used switching at all.

SurferTim · March 7, 2014, 1:06pm

I haven’t worked with a CRS125 yet, but most Mikrotik equipment has a way to remove ports from the switch.

/interface ethernet
set X master-port=none

Replace X with the line number of the interface you want to remove from the switch.

twoopi · March 7, 2014, 1:36pm

They’re all set to master-port=none, but they’re still linked to switch1, would that be causing an issue?

SurferTim · March 7, 2014, 1:37pm

I will guess the answer is “yes”.

Tmcdon · March 15, 2014, 3:39pm

I am experiencing the exact same issues with our new crs. Have you made in headway in resolving them?

Tom