I’m doing work for someone remotely (we’re both in the US, but 1,000 miles apart).
We started out with one DSL connection, we’ve got three now.
The DSL provider routes a /26 to us for DSL #1. Our Cisco has it broken down into smaller subnets, but for the most part, just has static routes passing them all to the RB1100. The DSL modem (216.x.x.65/30) is connected to Ethernet2/0 (216.x.x.66/30), and a 24 port unmanaged switch is connected to FastEthernet0/0 (216.x.x.113/28). Everything on that subnet uses .113 as its default gateway.
Then we added a MikroTik RB1100. Its ether13 (216.x.x.116/28) is plugged into the 24 port switch. The RB1100’s default gateway is the Cisco’s FastEthernet0/0 IP (.113).
Everything has been fine this way, with the Cisco and the one DSL connection. There are some Linux machines plugged into the 24 port switch (same subnet as .113 & .116 above), some access points plugged into the RB1100 (different subnets).
We added DSL connections #2 and #3 and connected them to the RB1100. Originally the DSL provider had to fix their configuration for #3, but now they seem fine; I can connect to the RB1100 using the interface IPs, ping, traceroute, in and out all good. The plan was to have the three DSL connections connected to ether1, ether2, ether3 and set up PCC (http://wiki.mikrotik.com/wiki/Manual:PCC).
We tried to move DSL #1 from the Cisco to the RB1100, but from the outside, I can only get to 216.x.x.65 (modem) and 216.x.x.66 (RB1100 ether1). I can’t even ping other IPs on the RB1100. From the inside, from a server, I can’t traceroute out past the RB1100; everything times out after that. From the outside, traceroute to anything else shows the DSL provider’s WAN IP (209.x.x.x) as the last hop before it times out. No mangle or NAT rules are enabled at all. There are some filter rules in the input chain to protect the RB1100 (I even tried disabling those while grasping at straws), but that’s it.
If I enable SNAT for everything going out the RB1100’s DSL #1 interface, then traffic goes out, but of course that doesn’t help anything coming in.
When I added a firewall rule to log all ICMP packets coming in, it did log a ping to .66, but when I tried to ping .113, nothing, as if it’s not even making it there at all.
Do we have some crazy DSL modem issues going on, or do I need to fix something? I’ve been staring at this so long (like at 04:00 this morning), it’s definitely possible that I’m missing something obvious.
Of course the person I spoke to last night at the DSL provider says they are not responsible for anything past the LAN IP (.65) and the techs won’t be able to do anything, basically didn’t even bother to write down my details for the ticket, a request to clear their ARP cache or remotely go into the modem even if they don’t think it will do anything… I’m wondering if something is going on where something is hung up on the Cisco’s MAC address. As soon as we moved it back to the Cisco, all was fine again.
[ In the DSL provider’s defense, last time I contacted them via online chat in the middle of the day, they were very helpful and fixed their configuration error… ]
FYI, I’ve been using Linux for decades, Cisco on and off for years too (depending on what my clients have), but it’s only been a few months for MikroTik.
As soon as we can notify the customers of another planned “maintenance window” and/or hear back from the DSL provider’s tech, I’m going to try some other things, but right now, I don’t have any great ideas.
Thanks in advance for any advice,
Jason