Help needed - Routing to connected networks doesn't work!

RouterOS Scripting
1

I have a RB1200 with some connected networks like 10.10.4.0, 10.10.3.0 and 10.10.2.0 and some more.
All devices I do see in the ARP section.
I have from all devices access to WAN, which are on 2 different networks (10.0.0.0 and 10.9.9.0).
I’m using the WAN Load Balancer of Zaib (http://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/).
All works fine!

The only limitation I have is that I can not access devices from 10.10.4.0 out of the 10.10.2.0 Network or in any other combination.
I guess it is based on the prerouting used by the Load Balancing script.

Can anybody help me and tell me how to overcome that situation? I need to access the devices from one to the other network.
Do I need to add additional mangle rules? If yes How would they look like?
Or do I need any other configuration?

Thank you for your help.

2

Post your config (export) and routing table. I’m not familiar with his PCC method, but I’ll look at the config.

3

here are the relevant parts:

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
 tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
 10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
 tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
 udp-stream-timeout=3m udp-timeout=10s
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=WAN1 \
 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 \
 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=no \
 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=no \
 new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=10.0.0.0/24
add action=accept chain=prerouting disabled=no dst-address=10.9.9.0/24
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
 both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local \
 new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
 both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=no \
 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=no \
 new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
/

I'm using v5.11 and not sure how to post the Routing table here.
4

Any hint for me please!
:question:
I know it is a bad time, but anyone who can help these days?

5

:question:

6

Add a mangle rule for all your internal network with accept action like this

add chain=prerouting dst-addres=yourNetwork action=accept

Put it in the top of your rules.


Send from my mobile phone using Tapatalk.

7

Thank you,
that solved the Problem.