Client on ether1 can't break out

Hi

I have a weird problem and have not been able to find a solution but I am convinced it is a configuration issue.

The device is an RB600A on OS v5rc5.

This is a high site on a client's roof. The user gets internet through it via cat5 on ether1 and gains IP settings via DHCP from the RB.

Now from the routerboard we can resolve and ping external domain names and IP addresses on the internet; however, from the client’s PC they get IP settings from the DHCP server, can resolve DNS, can ping the routerboard and winbox to it, but they cannot gain access past the routerboard. It just times out.

We have set an open route and masquerading. Everything that comes via this highsite on wireless works fine, just not the user on ether1.

I am at a loss as to why the client cannot get past the RB. It is almost as if the client is not passing through the gateway on the routerboard.

Anyone come across this problem on a RB600 or other routerboards?

Regards
Mark

Have you verified that the client is getting the right gateway via DHCP? Have you checked if any firewall rules are blocking the client?

Post the output of “/ip address print detail”, “/ip route print detail”, “/ip dhcp-server export”, “/ip pool export”, and “/ip firewall export”.

Hi. The client is getting the gateway we set on their range to the RB. There are no firewall rules. We did discover that when setting masquerading we then cannot access the unit via Winbox remotely, only via ether1 and MAC Telnet. It is starting to look like the ethernet chip may be faulty.

/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 interface=ether1 actual-interface=ether1

1 address=10.10.2.2/24 network=10.10.2.0 broadcast=10.10.2.255 interface=1north actual-interface=1north

2 address=10.10.3.1/24 network=10.10.3.0 broadcast=10.10.3.255 interface=3east actual-interface=3east

3 address=10.10.11.1/24 network=10.10.11.0 broadcast=10.10.11.255 interface=4west actual-interface=4west

4 X address=10.10.98.1/24 network=10.10.98.0 broadcast=10.10.98.255 interface=1north actual-interface=1north


/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=10.10.2.1 gateway-status=10.10.2.1 reachable 1north check-gateway=ping distance=1 scope=30 target-scope=10

1 ADC dst-address=10.10.2.0/24 pref-src=10.10.2.2 gateway=1north gateway-status=1north reachable distance=0 scope=10

2 ADC dst-address=10.10.3.0/24 pref-src=10.10.3.1 gateway=3east gateway-status=3east reachable distance=0 scope=10

3 ADC dst-address=10.10.11.0/24 pref-src=10.10.11.1 gateway=4west gateway-status=4west reachable distance=0 scope=10

4 ADC dst-address=192.168.10.0/24 pref-src=192.168.10.1 gateway=ether1 gateway-status=ether1 unreachable distance=0 scope=200


ip dhcp-server export
# dec/15/2010 17:33:39 by RouterOS 5.0rc5
# software id = R3J5-MN5D

/ip dhcp-server
add address-pool=pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether1 lease-time=3d name=dhcp1
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24


ip pool export
# dec/15/2010 17:34:16 by RouterOS 5.0rc5
# software id = R3J5-MN5D

/ip pool
add name=pool1 ranges=192.168.10.2-192.168.10.6


ip firewall export
# dec/15/2010 17:34:42 by RouterOS 5.0rc5
# software id = R3J5-MN5D

/ip firewall connection tracking
set enabled=yes generic-timeout=0ms icmp-timeout=0ms tcp-close-timeout=0ms tcp-close-wait-timeout=0ms tcp-established-timeout=0ms tcp-fin-wait-timeout=0ms tcp-last-ack-timeout=0ms tcp-syn-received-timeout=0ms tcp-syn-sent-timeout=0ms tcp-syncookie=no tcp-time-wait-timeout=0ms udp-stream-timeout=0ms udp-timeout=0ms
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
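
The checks asked for earlier in the thread (right gateway via DHCP, consistent addressing) can be run mechanically over output like that posted above. The following Python sketch is an added example, not part of any post in this thread; the sample strings are constructed, shortened copies of the posted lines, and the names parse and check are hypothetical helpers.

```python
import ipaddress
import re

# Constructed sample input: shortened copies of the output lines posted above.
ADDRESSES = """\
0 address=192.168.10.1/24 network=192.168.10.0 interface=ether1
1 address=10.10.2.2/24 network=10.10.2.0 interface=1north
4 X address=10.10.98.1/24 network=10.10.98.0 interface=1north
"""
ROUTES = """\
0 A S dst-address=0.0.0.0/0 gateway=10.10.2.1 gateway-status=10.10.2.1 reachable 1north distance=1
4 ADC dst-address=192.168.10.0/24 gateway=ether1 gateway-status=ether1 unreachable distance=0
"""
DHCP_NETWORK = "add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24"
POOL = "add name=pool1 ranges=192.168.10.2-192.168.10.6"
KV = re.compile(r"([\w-]+)=(.*?)(?=\s+[\w-]+=|\s*$)")  # a value may contain spaces

def parse(line):
    """Split one item line into key=value pairs plus the flag letters before them."""
    pairs = list(KV.finditer(line))
    item = {m.group(1): m.group(2) for m in pairs}
    head = line[:pairs[0].start()].split() if pairs else []
    item["flags"] = "".join(head[1:])  # drop the item number (or the word "add")
    return item

def check(addresses, routes, dhcp_network, pool):
    """Return a list of inconsistencies found across the four outputs."""
    findings = []
    addrs = [parse(l) for l in addresses.splitlines() if "=" in l]
    active = {ipaddress.ip_interface(a["address"]).ip: a["interface"]
              for a in addrs if "X" not in a["flags"]}  # skip disabled addresses
    net = parse(dhcp_network)
    subnet = ipaddress.ip_network(net["address"])
    gw = ipaddress.ip_address(net["gateway"])
    if gw not in subnet:
        findings.append(f"DHCP gateway {gw} is outside {subnet}")
    if gw not in active:
        findings.append(f"DHCP gateway {gw} is not an enabled router address")
    lo, hi = (ipaddress.ip_address(x) for x in parse(pool)["ranges"].split("-"))
    if lo not in subnet or hi not in subnet or lo <= gw <= hi:
        findings.append(f"pool {lo}-{hi} leaves {subnet} or overlaps the gateway")
    for r in (parse(l) for l in routes.splitlines() if "=" in l):
        if "C" in r["flags"] and "unreachable" in r.get("gateway-status", ""):
            findings.append(f"connected route {r['dst-address']} via {r['gateway']} is unreachable")
    return findings

if __name__ == "__main__":
    for f in check(ADDRESSES, ROUTES, DHCP_NETWORK, POOL):
        print(f)
```

On the sample, the DHCP gateway and pool are consistent with the ether1 address, and the only finding is the connected route that the posted output itself lists as unreachable on ether1.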

Looks like the RB600 is faulty.

If we set masquerading or a bridge on the unit it half locks up and we lose winbox access to it and have to then MAC Telnet into it from a linked AP to remove the settings before we can gain access to it.

The problem now is getting the supplier to acknowledge that the unit is faulty.

We have the same unit and cards set up on another highsite with no problems. Purchased at the same time and running the same OS v5 rc5.