New to ROS.

ocavid · April 29, 2015, 2:49am

i just acquired a new ccr1036-12g-4s device. i was able to enable DCHP server in ether2 in providing IP ro clients fine.
Now, my next problem is how do i route the ether2 to access the internet which connected to Ether1?

my net in ether2 is 172.16.200.0/24
my net in ether1 is 192.168.5.0/24 with gateway at 192.168.5.1

anyone has sample on how i be able to access the internet from ether2?
i just need routing and no NATting.

thank you very much.

TomosRider · April 29, 2015, 12:50pm

Hello Ocavid. Can you ping your gateway from 172.16 segment?
Add default route. 0.0.0.0/0 with gateway of your 192 segment and it should be fine.

ocavid · April 30, 2015, 12:45am

TomosRider Thank you. works great.

i can now see my router. 192.168.5.1 and ping the internet like google and many others.

i have a file server 192.168.5.22, when i try to ping it from 172.16. segment i can not see it. is there something wrong or lacking about it? My thoughts are since it is in 192.168.5 segment i should be able to see it from 172.16 segment, but i can’t find it.

TomosRider · May 1, 2015, 9:39pm

Check your firewall rules. You may need to configure some firewall/nat rules…give more info. Where is that 192 segment?

ocavid · May 4, 2015, 1:36am

pardon me. my firewall in mt is blank not NATting. Do you know of a sample in internet where you could refer me to?

here’s my setup.

(Internet) <----> (Firewall) 192.168.5.1/24 <---->192.168.5.11/24 via Ehter1 (MT) Via Ether2 172.16.200.1/24 <---->172.16.200.2-254 Clients

Thank you for your patience.

pukkita · May 4, 2015, 1:43pm

what’s the default gateway set at the file server? Did you add a route to 172.16 on 192.168.5.1?

ocavid · May 5, 2015, 1:04am

default gateway in file server is 192.168.5.1
i have static route in 192.168.5.1 as 172.16.200.0/24 via 192.168.5.11 (MT router)

i can ping 172.16.200 segment clients from 192.168.5 segment. but i can only ping 192.168.5.1 and 192.168.5.11 from 172.16.200 segment .

i can ping all clients in 2 segments 192.168.5 and 172.16.200 from MT router.

i also disabled firewall in my file server to make sure that it is not blocking anything.

this might be helpful info:
[admin@CC103612G4S] /ip settings> print
ip-forward: yes
send-redirects: yes
accept-source-route: no
accept-redirects: no
secure-redirects: yes
rp-filter: no
tcp-syncookies: no
max-arp-entries: 8192
arp-timeout: 30s
icmp-rate-limit: 10
icmp-rate-mask: 0x1818
allow-fast-path: yes
ipv4-fast-path-active: no
ipv4-fast-path-packets: 60000
ipv4-fast-path-bytes: 16465524

pukkita · May 5, 2015, 9:18am

could you paste the results of issuing this on a terminal?

/ip route print

and

/ip firewall export

ocavid · May 6, 2015, 1:38am

[admin@CC103612G4S] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 192.168.5.1 1
1 ADC 172.16.200.0/24 172.16.200.1 ether2 0
2 ADC 192.168.5.0/24 192.168.5.11 ether1 0

[admin@CC103612G4S] > ip firewall export

jan/03/1970 00:17:03 by RouterOS 6.28

software id = I4BW-4P19

[admin@CC103612G4S] >

pukkita · May 6, 2015, 11:30am

Check 192.168.5.1 routes, firewall/NAT, there must be something wrong with it, as

If a 172.16.200.x host pings a 192.168.5.x host other than the two directly attached to the CCR, packets don’t return.

172.16.200.x --ether2–> 172.16.200.1 --ether1—> 192.168.5.1 ---->??

so the problem it’s clearly at 192.168.5.1