HELP! Can't ping between devices inside LAN

HELP!
I configured 2 WAN for 1 LAN but it's not load balancing. I separate 2 different ISP inside my LAN.

ISP1 : 93.x.x.96/29
ISP 2 : 77.x.x.8/29
LAN : 192.168.8/21
I also have 2 different locations, Office and Camp. So in order to separate their internet I simply separated IP addresses. I am using MAC filter for all of them.
Office : 192.168.8.1- 192.168.11.254
Camp : 192.168.12.1-192.168.15.254

Everything works fine except I cannot ping between devices inside LAN. I am sure I am missing something but please help me to find it out.


My Router Configurations :

/interface ethernet
set [ find default-name=ether4 ] mac-address=00:0C:29:07:21:55 name=LAN_P3
set [ find default-name=ether1 ] mac-address=00:0C:29:07:21:41 name=WAN_CAMP_P1
set [ find default-name=ether2 ] mac-address=00:0C:29:07:21:4B name=WAN_OFFICE_P2


/ip pool
add name="OFFICE POOL" ranges=192.168.8.1-192.168.11.254
add name="CAMP POOL" ranges=192.168.12.1-192.168.15.254
/ip dhcp-server
add address-pool="CAMP POOL" disabled=no interface=LAN_P3 name=Bautino.dhcp


/ip address
add address=93.x.x.x9/29 interface=WAN_CAMP_P1 network=93.x.x.96
add address=77.x.x.10/29 interface=WAN_OFFICE_P2 network=77.x.x.8
add address=192.168.10.20/21 interface=LAN_P3 network=192.168.8.0


/ip dhcp-server lease
add address=192.168.15.150 mac-address=F8:CA:B8:25:22:BC
add address=192.168.8.160 mac-address=D0:50:99:85:FC:58
/ip dhcp-server network
add address=192.168.8.0/21 dns-server=8.8.8.8 gateway=192.168.10.20

/ip dns
set servers=8.8.4.4,8.8.8.8

/ip firewall address-list
add address=93.x.x.x/29 list=Connected
add address=192.168.8.0/21 list=LAN
add address=192.168.8.0/21 list=Connected
add address=77.x.x.x/29 list=Connected
add address=192.168.8.1-192.168.11.254 list=LANOFFICE
add address=192.168.12.1-192.168.15.254 list=LANCAMP

/ip firewall filter

/ip firewall mangle

add action=accept chain=prerouting dst-address-list=Connected src-address-list=Connected

add action=mark-connection chain=input connection-mark=no-mark in-interface=WAN_OFFICE_P2 new-connection-mark=WO->ROS

add action=mark-connection chain=input connection-mark=no-mark in-interface=WAN_CAMP_P1 new-connection-mark=WC->ROS

add action=mark-routing chain=output connection-mark=WO->ROS new-routing-mark=WO_ROUTE passthrough=yes

add action=mark-routing chain=output connection-mark=WC->ROS new-routing-mark=WC_ROUTE passthrough=yes

add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN_OFFICE_P2 new-connection-mark=WO->LANs passthrough=yes

add action=mark-connection chain=forward connection-mark=no-mark in-interface=WAN_CAMP_P1 new-connection-mark=WC->LANs passthrough=yes

add action=mark-routing chain=prerouting connection-mark=WO->LANs new-routing-mark=WO_ROUTE passthrough=yes src-address-list=LANOFFICE

add action=mark-routing chain=prerouting connection-mark=WC->LANs new-routing-mark=WC_ROUTE passthrough=yes src-address-list=LANCAMP

/ip firewall nat

add action=masquerade chain=srcnat out-interface=WAN_OFFICE_P2

add action=masquerade chain=srcnat out-interface=WAN_CAMP_P1


/ip route
add distance=1 gateway=77.x.x.9 routing-mark=WO_ROUTE
add distance=1 gateway=93.x.x.97 routing-mark=WC_ROUTE
add distance=1 gateway=77.x.x.9
add distance=2 gateway=93.x.x.97

/ip route rule
add action=lookup-only-in-table dst-address=192.168.8.0/21 table=main

Are the LAN devices connected over ethernet or WIFI?
If you use Wifi, have you enabled “default forward” in wireless interface settings?

Devices are connected over ethernet

I realize I can ping if I turn off the Public firewall on the clients. It looks like ICMP packets are dropping somehow. Any idea?

The PING between devices within the Office Pool or within the Camp Pool does not use the router.
PING from Office to Camp or Camp to Office needs the router.

I did not see the gateway for the Camp Pool (router should have addresses in both pools on the LAN interface).

/ip dhcp-server network
add address=192.168.8.0/21 dns-server=8.8.8.8 gateway=192.168.10.20

Isn't that enough?

Camp Pool will never get to 192.168.10.20 as gateway, it's not in the same subnet.

Office Pool -“192.168.10.20/Router/192.168.14.20” - Camp Pool … or something of that style.

Why not? It is B class IP range 192.168.8.1 - 192.168.15.254 255.255.248.0. I just put my gateway on 10.20.

I can ping anymore if I turn off firewall from the PC. By editing mangle I can ping other devices such as printer, AP etc. But I didn't get why I can't ping if the Windows firewall is on. It should be about ICMP packets but I am still confused how to fix.

/ip firewall mangle
add action=mark-routing chain=prerouting comment="LAN OFFICE TO WAN OFFICE ROUTE" dst-address=!192.168.8.0/21 new-routing-mark=OFFICE passthrough=yes src-address=192.168.8.1-192.168.11.254
add action=mark-routing chain=prerouting comment="LAN CAMP TO WAN CAMP ROUTE" dst-address=!192.168.8.0/21 new-routing-mark=CAMP passthrough=yes src-address=192.168.12.1-192.168.15.254

Oooops, overlooked the /21. You are correct, it is the same subnet.
But then PING from PC to PC does not even use the router at all.
Ping from router to PC? And it only fails if the firewall is set on the PC, then the firewall on the PC is blocking the PING.

Exactly
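
The subnet question the thread settles on, worked through as an added example (not code from any poster): with the /21 mask, Office and Camp hosts are on-link with each other, so PC-to-PC ping never crosses the router and only the host firewall can block it. The two PC addresses are the static leases from the posted config; the /22 case is a constructed "what if" matching the reply that first assumed separate subnets.

```python
import ipaddress

# Addresses taken from the thread; the /22 variant is a constructed
# "what if" matching the replier's first assumption (separate subnets).
GATEWAY = ipaddress.ip_address("192.168.10.20")
OFFICE_PC = "192.168.8.160"
CAMP_PC = "192.168.15.150"


def next_hop(src_ip, prefix_len, dst_ip, gateway=GATEWAY):
    """Return how a host with src_ip/prefix_len delivers a packet to dst_ip.

    'direct'      -> dst is on-link: host ARPs for dst, router never sees it
    'via-gateway' -> dst is off-link and the gateway is on-link
    'unreachable' -> dst is off-link and the gateway is off-link too
    """
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        return "direct"
    if gateway in iface.network:
        return "via-gateway"
    return "unreachable"


def path_report(prefix_len):
    """Classify the thread's flows for a given LAN prefix length."""
    return {
        "office->camp": next_hop(OFFICE_PC, prefix_len, CAMP_PC),
        "camp->office": next_hop(CAMP_PC, prefix_len, OFFICE_PC),
        "camp->internet": next_hop(CAMP_PC, prefix_len, "8.8.8.8"),
    }


if __name__ == "__main__":
    for plen in (21, 22):
        print(f"/{plen}:", path_report(plen))
```

Any flow reported as "direct" bypasses the router's mangle and filter rules entirely, so whether the echo request is answered is decided on the destination host.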