Help with simple static routing

Viking.za · December 17, 2023, 7:11pm

I need some help please.

I have followed the “Simple Static Routing” as shown in the Mikrotik manual for the link shown in the picture below.

The firewall has been disabled as the router as it is behind another router and is not exposed directly to the internet.

The network layout is shown below:

I am having an issue where if I ping / traceroute from 10.147.18.4 on the hAP ac^2 to 20.0.1.200 it works and I get a reply.

If I ping / traceroute from 172.1.2.6 on the hAP ac^2 to 20.0.1.200 it fails / host not found.

I am stumped and not sure how to get this operating and would appreciate some help and guidance.

Thank you in advance.
ZT Network -.png
routing list.png

vingjfg · December 17, 2023, 8:12pm

Can be a number of things.

Can you send the configurations for both routers?

Viking.za · December 17, 2023, 9:45pm

Please see traceroute screenshots below.
TR ZI.png
TR VI.png

vingjfg · December 18, 2023, 5:21am

Have you checked the firewall rules? The routing on the second router?

Please, config.

Viking.za · December 18, 2023, 6:38am

blank

vingjfg · December 18, 2023, 12:27pm

Can you post the exports here, instead of on an external site?

Thank you

Viking.za · December 18, 2023, 12:48pm

The forum will not allow me to upload the .backup files, so I used the external site.

If you send me your email address, I can email the file to you.

Thanks

vingjfg · December 18, 2023, 1:43pm

That’s because you have to do an export, not a backup.

In the terminal/CLI, issue the following. You have to do it on each router.

/export file=<whatever name>

And download the file using winbox or webfig.

Remove all the sensitive information and post here.

Viking.za · December 18, 2023, 2:37pm

Here are the 2 exported files.
main-router.rsc (8.99 KB)
hAP-ac^2.rsc (12.9 KB)

vingjfg · December 18, 2023, 7:03pm

Seems you don’t have a route back for 172.1.2.0/24 in main-router/router2.

Can’t tell if your ZeroTier is correctly configured.

Viking.za · December 18, 2023, 7:39pm

This is a trace route from hAP^ac2 to the main router. The trace route is run from the zerotier interface on hAP^ac2 to the host machine on port 7 of the main router. As you can see, there is a route, and it carries traffic.
Address list hAP^ac2.png
Torch Main Router.png
Traceroute hAP^ac2.png

vingjfg · December 18, 2023, 8:01pm

Not what I said: I said that it seems you do not have a route for 172.1.2.0/24 on the main-router/router2.

main-router/router2, post here the output of the following command.

/ip/route/print detail

Viking.za · December 18, 2023, 8:25pm

I put in this route on the main router and no change, still not working.

vingjfg · December 18, 2023, 8:46pm

Send me the routing table from both router. That will be easier. “/ip/route/print detail”

Viking.za · December 18, 2023, 9:22pm

Here are screenshots of the routing tables.
Routing Table hAP 2 P2.png
Routing Table Main Router.png
Routing Table hAP 2 P1.png

vingjfg · December 19, 2023, 5:39am

Main-router has no return route for 172.1.2.0/24.

On main-router, add a route for 172.1.2.0/24 via 10.147.18.4. You also need to check your zerotier and make sure that network is defined.

Viking.za · December 19, 2023, 7:01am

What do you mean by “defined”?

vingjfg · December 19, 2023, 7:14am

Reading the zerotier documentation, you need a ZT managed route.

Viking.za · December 19, 2023, 8:13am

What I don’t understand is if I run a traceroute on my hAP ac^2 and tell the traceroute to use the zerotier interface, it works correctly and does not have any issues, but as soon as I change to a VLAN or ether interface, it does not work, and that does not make sence to me.

vingjfg · December 19, 2023, 8:27am

If the nain-router doesn’t know where 172.1.2.0/24 is, it can’t reply.

So fix that, prove me you fixed it and we can continue.