Multi IP Issue

Just had a really strange issue in RouterOS 5 RC7 with multiple IPs on the same interface.

My ISP gives multiple IPv4s as single IPs from a larger subnet rather than allocating a proper routed subnet. This usually works fine on RouterOS: you just add the IP to the interface with the subnet mask given by the ISP, making sure the network and broadcast match the ones for their subnet.

E.g.

94.xxx.xxx.x6/21
94.xxx.xxx.x7/21
94.xxx.xxx.x8/21
94.xxx.xxx.x9/21

I’m sure this worked on RouterOS 4.x, but it did not work on RouterOS 5.x. What actually happened is that only the first IP was working; the others were not.

However, the weird thing was that to get each IP working correctly, I had to momentarily disable/enable all of the others.

E.g. when I disabled x6, x8 and x9, x7 started to work and continued working even after I re-enabled the others.
I repeated this procedure for all of the IPs and they do now work.

I’m wondering if it’s a bug (perhaps RouterOS didn’t ARP for the IP?) or if I’ve done something stupid in the setup.

I did try removing the /21 from the IPs and setting them as a /32 (single IP), but that seems to cause no traffic at all.

The issue here is likely routing. Without more info on your setup, I can’t give you a certain answer.
You can only have one route to a given destination active at any given time, unless the route is for a specific packet/routing mark.
Essentially, the IPs all have the same default gateway, so only one route to 94.x.x.1 can be active at any given time. All of your traffic will go out, say, the .6 IP, and return via whatever IP the firewall used to NAT the traffic.

The NAT rule is specifically set up to NAT outbound traffic to the .6 IP.

I was pinging the other IPs from an external box. The firewall was set to allow ICMP, and there should be no NAT involved, as the router itself would have been responding to the ICMP ping.

So, even without a firewall, you just add an IP address to an interface that already has an address (same subnet) and you are not able to ping it? Or is there anything else, as a simple test of adding another address did not yield any ICMP packet failures?

I could ping it from the LAN side of the network but not from the internet.

Anyway, disabling/enabling all the IP addresses seemed to fix it.
Also, I ended up downgrading to version 4.16, as I wanted to have a look at hotspot and user manager was broken in v5rc7.

Managed to figure out a workaround.

It seems the IP doesn’t work until there has been some outbound traffic on it. Originally my default NAT rules rewrote everything to my first IP, so even if I sent a packet from the router with a source IP set to one of the others, I think the NAT rule was catching it and rewriting it back to the first IP.

I’ve modified the NAT rule so it applies to the LAN subnet only and then also written a script that runs every 5 minutes and pings the gateway once from each of my source IPs.

I think the problem is basically that the ARP entry isn’t being created in the DSLAM until such time as it sees a packet coming from my CPE with the IP and source MAC, so even though the IPs are statically routed to my DSLAM port, they’re not being forwarded to the router at my end :(
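
A sketch of the workaround described in the last post, added here as an example and not taken from the poster's router. The interface name `ether1`, the LAN subnet `192.168.88.0/24`, the names `arp-keepalive`, and the `192.0.2.x` addresses are constructed placeholders standing in for the redacted ISP addresses and gateway.

```routeros
# Constructed placeholders (assumptions, not values from the thread):
#   ether1           WAN interface carrying all the public addresses
#   192.168.88.0/24  LAN subnet behind the router
#   192.0.2.6        first public address, used for LAN source NAT
#   192.0.2.1        ISP gateway

# 1. Limit source NAT to traffic that originates on the LAN. Packets the
#    router itself sends from the other public addresses no longer match,
#    so they leave with their own source IP instead of being rewritten.
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 \
    out-interface=ether1 action=src-nat to-addresses=192.0.2.6 \
    comment="NAT LAN only"

# 2. Keepalive script: send one ping to the gateway from every enabled
#    address on the WAN interface, so the upstream device sees a frame
#    carrying each source IP together with the router's MAC.
/system script add name=arp-keepalive source={
    :local gateway 192.0.2.1
    :foreach id in=[/ip address find interface=ether1 disabled=no] do={
        # "get address" returns address/prefix; keep the part before "/"
        :local cidr [/ip address get $id address]
        :local srcIp [:pick $cidr 0 [:find $cidr "/"]]
        /ping $gateway src-address=$srcIp count=1
    }
}

# 3. Run the script every 5 minutes, matching the interval in the post.
/system scheduler add name=arp-keepalive interval=5m on-event=arp-keepalive
```

Because the script reads the address list at run time, an address added to `ether1` later is picked up without editing the script.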