Help, try to route to another subnet through another router

pthunya · June 24, 2013, 7:20pm

It’s start with very simple network with Mikrotik 750 (router1, 192.168.1.1/24) as default gateway as you see in diagram.

Now, we’re prepare new server for our branch office so I setup another Mikrotik 750 (router2, 192.168.1.111/24) to be bridge between two subnets the existing one and the new 192.168.8.0/24

I use this command on Router1 to send the traffice destination 192.168.8.0/24 to Router2

/ip route add check-gateway=ping disabled=no distance=1 dst-address=192.168.8.0/24 gateway=192.168.1.111

Now the client can ping to 192.168.8.21 but not 192.168.8.1 (unless I manually change gateway IP of client from default (192.168.1.1) to 192.168.1.111 then I get reply from ping to 192.168.8.1)

What wrong with my configuration please?

Thank you.

Rudios · June 24, 2013, 7:53pm

Check your gateway and routing settings on your 8.1 system and the second router.

Probably the traffic coming back from the 8.1 system is destined for a system inside the 1.0/24 network.
Therefor it does not travel via the 1.111 gateway and somewhere the traffic gets broken.
The path towards the system is different than the way back, which will probably cause the problems.
I can however not explain why pings towards the router itself are getting replied.
I would assume they suffer the same problem.

pthunya · June 26, 2013, 10:05am

Thank you for a comment.

I terminal on router1 ping to “192.168.8.1” I didn’t get reply.

but if set client to use 192.168.1.111 as gateway I’ll get reply from 192.168.8.1.

so config should be OK, but something not right on router1?

Thank you.

SurferTim · June 26, 2013, 10:09am

Have you tried just the basic route to that net? Like this…

/ip route 
add dst-address=192.168.8.0/24 gateway=192.168.1.111

pthunya · June 26, 2013, 10:13am

Yes, as I mentioned on first post.

SurferTim · June 26, 2013, 10:16am

No you didn’t. You posted this:

/ip route 
add check-gateway=ping disabled=no distance=1 dst-address=192.168.8.0/24 gateway=192.168.1.111

pthunya · June 26, 2013, 10:39am

I removed the old route and then use “/ip route add dst-address=192.168.8.0/24 gateway=192.168.1.111”, the result still the same. (able to ping 192.168.8.21 but not 192.168.8.1 either from terminal of router1 or client)

I used to use ROS 5.25 and now upgraded to 6.1 but the result still the same.

SurferTim:

pthunya:
SurferTim:
Have you tried just the basic route to that net? Like this…
/ip route 
add dst-address=192.168.8.0/24 gateway=192.168.1.111
Yes, as I mentioned on first post.
No you didn’t. You posted this:
/ip route 
add check-gateway=ping disabled=no distance=1 dst-address=192.168.8.0/24 gateway=192.168.1.111

SurferTim · June 26, 2013, 10:44am

Is the gateway in 192.168.8.1 is set correctly? It should be using 192.168.8.21 as a gateway.

pthunya · June 26, 2013, 10:48am

Yes, gateway for 192.168.8.1 is 192.168.8.21

If I set gateway of client machine to be 192.168.1.111 instead of default gateway (192.168.1.1) or I put route table on client machine “route add 192.168.8.0 mask 255.255.255.0 192.168.1.111” , I’ll get reply from 192.168.8.1

SurferTim · June 26, 2013, 10:50am

Please post “/ip address”, “/ip route”, and “/ip firewalll nat”. edit: …from both routers.

pthunya · June 26, 2013, 11:10am

Here it is, Thank you.

Router1:

[pjk@MikroTik] > /ip address print
0 192.168.1.1/24 192.168.1.0 LAN
1 D 180.183.55.39/32 180.183.48.1 pppoe-out1

[pjk@MikroTik] > /ip route print
0 ADS 0.0.0.0/0 180.183.48.1 1
1 ADC 180.183.48.1/32 180.183.55.39 pppoe-out1 0
2 ADC 192.168.1.0/24 192.168.1.1 LAN 0
3 A S 192.168.8.0/24 192.168.1.111 1

[pjk@MikroTik] > /ip firewall nat print
0 chain=srcnat action=masquerade out-interface=pppoe-out1
1 chain=dstnat action=dst-nat to-addresses=192.168.1.12 protocol=tcp in-interface=pppoe-out1 dst-port=82
2 chain=dstnat action=dst-nat to-addresses=192.168.1.13 protocol=tcp in-interface=pppoe-out1 dst-port=83
3 chain=dstnat action=dst-nat to-addresses=192.168.1.14 protocol=tcp in-interface=pppoe-out1 dst-port=84

Router2:

[admin@MikroTik] > /ip address print
0 192.168.8.21/22 192.168.8.0 LAN1
1 D 192.168.1.111/24 192.168.1.0 WAN1

[admin@MikroTik] > /ip route print
0 ADS 0.0.0.0/0 192.168.1.1 0
1 ADC 192.168.1.0/24 192.168.1.111 WAN1 0
2 ADC 192.168.8.0/22 192.168.8.21 LAN1 0

[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
[admin@MikroTik] >

More Info, I’m try to ping from 192.168.8.1 to 192.168.8.21 and 192.168.1.1 all are replies.

pthunya · June 26, 2013, 11:35am

OK, Finally I got the reply from 192.168.8.1, while I’m trying to cleanup rules to make it easy to read, now I got the reply from 192.168.8.1 - so It should be some rules on router1.

the way you ask me question lead me to the result (Y), Thank you very much.

Edited, More Info : Surprise, I restore the exactly configuration I’m use on first post, without doing anything yet. I got reply from 192.168.8.1 o.O!