PCC Balance + 2 Subnets in RB2011 Works fine but Can't Reach a Specific IP

I have 3 WANs balanced with PCC.
I have 2 different subnets and I have a connection in both.
I have only one big problem: I can't reach a specific IP from the other subnet.
I can't reach https://10.5.50.150:8443 from subnet 192.168.1.xx

/interface bridge
add name=Bridge-Wifi/HotSpot

/interface ethernet
set [ find default-name=ether4 ] comment=Eth4 name=LAN
set [ find default-name=ether1 ] comment=Eth1 name=WAN1
set [ find default-name=ether2 ] comment=Eth2 name=WAN2
set [ find default-name=ether3 ] comment=Eth3 name=WAN3

/ip neighbor discovery
set LAN comment=Eth4
set WAN1 comment=Eth1
set WAN2 comment=Eth2
set WAN3 comment=Eth3

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=dhcp_pool1 ranges=192.168.1.1-192.168.1.253
add name=dhcp_pool2 ranges=10.5.50.1-10.5.50.199,10.5.50.210-10.5.50.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=Bridge-Wifi/HotSpot name=\
    dhcp2
	
	
/interface bridge port
add bridge=Bridge-Wifi/HotSpot interface=ether5
add bridge=Bridge-Wifi/HotSpot interface=ether6
add bridge=Bridge-Wifi/HotSpot interface=ether7
add bridge=Bridge-Wifi/HotSpot interface=ether8
add bridge=Bridge-Wifi/HotSpot interface=ether9
add bridge=Bridge-Wifi/HotSpot interface=ether10

/ip address
add address=192.168.2.2/24 interface=WAN1 network=192.168.2.0
add address=192.168.3.2/24 interface=WAN2 network=192.168.3.0
add address=192.168.4.2/24 interface=WAN3 network=192.168.4.0
add address=192.168.1.254/24 interface=LAN network=192.168.1.0
add address=10.5.50.200/24 interface=Bridge-Wifi/HotSpot network=10.5.50.0

/ip cloud
set ddns-enabled=yes

/ip dhcp-server lease
add address=10.5.50.150 mac-address=B6:21:EB:B7:A3:EA

/ip dhcp-server network
add address=10.5.50.0/24 dns-server=10.5.50.200 gateway=10.5.50.200
add address=192.168.1.0/24 dns-server=192.168.1.254 gateway=192.168.1.254

/ip dns
set allow-remote-requests=yes servers=208.67.220.220,208.67.222.222

/ip firewall mangle

add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=\
    WAN2_conn
add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=\
    WAN3_conn
add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=\
    WAN4_conn
	
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn \
    new-routing-mark=to_WAN3
add action=mark-routing chain=output connection-mark=WAN4_conn \
    new-routing-mark=to_WAN4
	
add chain=prerouting dst-address=192.168.2.0/24 in-interface=LAN
add chain=prerouting dst-address=192.168.2.0/24 in-interface=\
    Bridge-Wifi/HotSpot
add chain=prerouting dst-address=192.168.3.0/24 in-interface=LAN
add chain=prerouting dst-address=192.168.3.0/24 in-interface=\
    Bridge-Wifi/HotSpot
add chain=prerouting dst-address=192.168.4.0/24 in-interface=LAN
add chain=prerouting dst-address=192.168.4.0/24 in-interface=\
    Bridge-Wifi/HotSpot
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN new-connection-mark=WAN2_conn per-connection-classifier=\
    both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Bridge-Wifi/HotSpot new-connection-mark=WAN2_conn \
    per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN new-connection-mark=WAN3_conn per-connection-classifier=\
    both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Bridge-Wifi/HotSpot new-connection-mark=WAN3_conn \
    per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN new-connection-mark=WAN4_conn per-connection-classifier=\
    both-addresses-and-ports:3/2
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Bridge-Wifi/HotSpot new-connection-mark=WAN4_conn \
    per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=LAN new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=Bridge-Wifi/HotSpot new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=LAN new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN3_conn \
    in-interface=Bridge-Wifi/HotSpot new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=LAN new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN4_conn \
    in-interface=Bridge-Wifi/HotSpot new-routing-mark=to_WAN4

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat out-interface=WAN3

/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.2.1
add check-gateway=ping distance=2 gateway=192.168.3.1
add check-gateway=ping distance=3 gateway=192.168.4.1

/system clock
set time-zone-name=Europe/Rome

/system identity
set name=MikroTik-MSG

This is the RB2011 cable connection list:

LAN1: WAN1
LAN2: WAN2
LAN3: WAN3
LAN4: LAN (connect to 24port switch) – Subnet 192.168.1.xx/24
LAN5-10: Bridge WIFI/Hotspot – Subnet 10.5.50.xx/24

LAN 3 is a controller of the WiFi hotspot (IP: 10.5.50.150)

Someone help me, please.

Up. Does someone have a solution for this?

Must I do something in the routes or in the firewall?

Please help me

Can someone help me? Please

Last weekend I had a problem like that and it turned out that the remote device (a Cisco switch) had an incorrect ARP entry left over from the previous configuration (where the routing was different).
A “clear arp” fixed all the unexplainable problems.
Apparently the Cisco software uses a really strange algorithm: rather than looking up the destination IP in the routing tables first, then looking up the ARP entry for the next hop it has decided on, it first looks in the ARP table and when there is a matching entry it sends the traffic directly to that MAC address… maybe it was envisioned as some sort of optimization, but it really confused us.
So when you cannot find a solution, try to reboot the remote system and see if that helps.

I do not have ARP problems.
I rebooted the RB many times but this did not help me :frowning:

I don't know why I can't ping or see the other IP.

I made a test with an RB951. I set a subnet 192.168.178.xx there in bridge LAN and I made a virtual AP with hotspot on (10.5.50.xx).
In this configuration I can ping from 10.5.50.xx to 192.168.178.xx but not the opposite. I can't see 10.5.50.xx from 192.168.178.xx


How can I resolve this problem on my RB2011? Please help me

solved :wink:

Please share.
:slight_smile:

Added these rules at the top of ip/firewall/mangle


/ip firewall mangle
add chain=prerouting dst-address=10.5.50.0/24 src-address=192.168.1.0/24
add chain=prerouting dst-address=192.168.1.0/24 src-address=10.5.50.0/24
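
Added example, not part of the original thread: a small Python model of the prerouting mangle chain from the posted export, showing where a packet from 192.168.1.xx to 10.5.50.150 is routed with and without the two accept rules above. It assumes standard RouterOS behaviour (a mangle rule with no `action=` accepts and ends chain processing; the marked routing tables hold only the default routes shown in the export); the client address, ports and the CRC32 stand-in for the PCC hash are constructed for illustration.

```python
import ipaddress
import zlib

# Addresses and rule order come from the posted export; the client packet is constructed.
ROUTER_IPS = {"192.168.2.2", "192.168.3.2", "192.168.4.2", "192.168.1.254", "10.5.50.200"}
CONNECTED = {"192.168.1.0/24": "LAN", "10.5.50.0/24": "Bridge-Wifi/HotSpot",
             "192.168.2.0/24": "WAN1", "192.168.3.0/24": "WAN2", "192.168.4.0/24": "WAN3"}
MARKED_GW = {"to_WAN2": "192.168.2.1", "to_WAN3": "192.168.3.1", "to_WAN4": "192.168.4.1"}
INSIDE = ("LAN", "Bridge-Wifi/HotSpot")
PKT = {"in": "LAN", "src": "192.168.1.10", "sport": 50000, "dst": "10.5.50.150", "dport": 8443}

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def pcc(p):
    # Stand-in for both-addresses-and-ports:3/x (CRC32, not RouterOS's real hash).
    return zlib.crc32(f"{p['src']}:{p['sport']}>{p['dst']}:{p['dport']}".encode()) % 3

def posted_rules():
    # Prerouting rules in posted order, as (match, action, value) tuples.
    rules = [(lambda p, n=n: p["in"] in INSIDE and in_net(p["dst"], n), "accept", None)
             for n in ("192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24")]
    for rem, wan in enumerate(("WAN2", "WAN3", "WAN4")):
        rules.append((lambda p, r=rem: p["in"] in INSIDE and p["dst"] not in ROUTER_IPS
                      and pcc(p) == r, "mark-connection", wan + "_conn"))
    for wan in ("WAN2", "WAN3", "WAN4"):
        rules.append((lambda p, m=wan + "_conn": p["in"] in INSIDE and p.get("conn") == m,
                      "mark-routing", "to_" + wan))
    return rules

def fixed_rules():
    # The two accept rules from the fix, placed above everything else.
    pairs = (("192.168.1.0/24", "10.5.50.0/24"), ("10.5.50.0/24", "192.168.1.0/24"))
    return [(lambda p, s=s, d=d: in_net(p["src"], s) and in_net(p["dst"], d), "accept", None)
            for s, d in pairs] + posted_rules()

def route(packet, rules):
    p = dict(packet)
    for match, action, value in rules:
        if not match(p):
            continue
        if action == "accept":      # accept ends prerouting processing for this packet
            break
        p["conn" if action == "mark-connection" else "rmark"] = value
    if "rmark" in p:                # marked tables hold only a default route
        return "via " + MARKED_GW[p["rmark"]]
    for net, iface in CONNECTED.items():
        if in_net(p["dst"], net):
            return "connected " + iface
    return "via 192.168.2.1"        # main-table default route, distance=1
```

`route(PKT, posted_rules())` returns one of the WAN gateways, because 10.5.50.150 is not a router-local address and so matches `dst-address-type=!local`; `route(PKT, fixed_rules())` returns the connected bridge interface.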

That does absolutely nothing. Maybe you meant the “nat” chain?
Also this means that your problem description was inaccurate and/or incomplete.
Your post suggests that you have a problem with one specific IP which implies (to me) that it works for other IPs and thus there is some exception for one IP.
But your solution is applying to a whole network. I did not even look into NAT issues because there is nothing in your config that treats this IP differently from the others.