Hello,
Long time MT user , but first time posting a question.
I have a strange issue with my NAT configuration and i just can’t figure out what happen. It used to work but not any more. Not sure why . I tried reverting back to old configuration but still , nothing.
I have a mikrotik configuration with an external bridge - named bridge1 - where i connect my external routers. I have my ISP router with IP 10.0.0.138 and my backup cellular router with IP 10.0.0.254. This configuration allow me to change my route in case of ISP issue and send all the traffic from the cellular modem without making any changes to the network.
I have a NAT rule to allow this:
[admin@rtr-mt-main] > ip firewall nat print
....
6 ;;; NAT to External network
chain=srcnat action=src-nat to-addresses=10.0.0.199
out-interface=bridge1 log=no
My mikrotik router IP is 10.0.0.199
Everything is working fine and i am able to send traffic out side from both devices:
tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 <1 ms <1 ms <1 ms 10.0.0.138
3 10 ms 19 ms 19 ms x.x.x.x
4 13 ms 13 ms 15 ms 10.250.0.162
5 10 ms 9 ms 10 ms 212.25.77.2
6 10 ms 10 ms 9 ms 10.90.99.9
7 48 ms 48 ms 48 ms 74.125.51.88
8 48 ms 48 ms 48 ms 74.125.244.209
^C
tracert -d 9.9.9.9
Tracing route to 9.9.9.9 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 3 ms 3 ms 3 ms 10.0.0.254
3 75 ms 54 ms 42 ms 10.21.30.179
4 199 ms 64 ms 39 ms 10.21.30.161
5 46 ms 59 ms 37 ms 10.21.111.11
^C
The problem is , i am unable to connect to the two devices on the bridge , the two routers 10 .0.0.138 & 10.0.0.254 . The traffic is just failing and my only guess is that it is a NAT issue. as everything is working from the mikrotik itself:
[admin@rtr-mt-main] > ping 10.0.0.138
SEQ HOST SIZE TTL TIME STATUS
0 10.0.0.138 56 64 0ms
1 10.0.0.138 56 64 0ms
2 10.0.0.138 56 64 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@rtr-mt-main] > ping 10.0.0.254
SEQ HOST SIZE TTL TIME STATUS
0 10.0.0.254 56 64 6ms
1 10.0.0.254 56 64 2ms
2 10.0.0.254 56 64 2ms
3 10.0.0.254 56 64 2ms
sent=4 received=4 packet-loss=0% min-rtt=2ms avg-rtt=3ms max-rtt=6ms
But when trying from my computer , it is failing :
tracert -d 10.0.0.138
Tracing route to 10.0.0.138 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C
tracert -d 10.0.0.254
Tracing route to 10.0.0.254 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.2.254
2 * * * Request timed out.
3 * * ^C
tracert -d 10.0.0.199
Tracing route to 10.0.0.199 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.0.0.199
Trace complete.
ping 10.0.0.138
Pinging 10.0.0.138 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.138:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
What am i missing ? Is there a way to run tcpdump or some debug on the mikrotik ?
BTW - this is not (i think) a firewall issue, but just to be on the safe side, i also added a specific firewall rule to allow all traffic from my desktop machine to the specific IPs and it did not help.
1 ;;; Access from home computer to external bridge
chain=forward action=accept src-address=192.168.2.191
dst-address=10.0.0.0/24 log=no log-prefix=""