Problem communicating between hosts on networks behind 2 routers

Hi all,
I have an RB450G and a Linksys WRT54G connected. The WRT54G is the internet gateway to my network; its network ID is 192.168.1.0/24. Then I connect the RB450G's ether5 to the WRT54G. ether5 is a DHCP client, so it obtains its IP address from the WRT54G.
I set ether2 as a DHCP server with net ID 10.10.10.0/24. I don't set up IP masquerade on the RB450G either.
The IP addresses of the WRT54G and RB450G are 192.168.1.1 and 10.10.10.1 respectively.

Now the goal is for host A within the WRT54G network, with IP address 192.168.1.80, to be able to see host B within the RB450G network. I can ping 10.10.10.1 from host A, and of course host B can ping host A and the WRT54G router (192.168.1.1). However, host A can't seem to ping host B, or any other hosts that reside within the 10.10.10.0/24 network.
Please guide me to solve this problem. Thank you very much.

You will need to have static routes to each network.

Could you tell me what I should put in the routing table?

What are you running on the Linksys? Can you add static routes in it?

I run Tomato 1.27 on the Linksys. Yep, I can add a static route.
The RB450G got IP address 192.168.18.24 from the Linksys, so I already put in a static route as follows:
dest addrs: 10.10.10.0
net mask:255.255.255.0
metric:0
gateway 192.168.18.24
interface:br0(LAN)

Is it correct? I tried to ping from the Linksys router and it seems to redirect traffic for 10.10.10.0/24 to 192.168.18.24, which is what I expect. From then on, I think the packet is lost within the MikroTik router.

Yes, that is correct. Can you post /ip route print detail?

A little correction: my net ID on the Linksys one is 192.168.18.0/24.
[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 ADS 0.0.0.0/0 192.168.18.1 0
1 X S 0.0.0.0/0 10.10.10.1 1
2 ADC 10.10.10.0/24 10.10.10.1 ether2 0
3 X S 10.10.10.252/32 192.168.18.24 ether2 1
4 ADC 192.168.18.0/24 192.168.18.24 ether5 0
[admin@MikroTik] >

Do you find anything wrong?

The goal is to ping my laptop (10.10.10.252) from 192.168.18.1. But it always fails.

Nope, so let's move on. Can you post /ip address print, /ip firewall export, /interfaces print detail?

There you go.

[admin@MikroTik] > /ip address print                                             
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                
 0 X 192.168.1.0/24     192.168.1.0     LAN (Eth1)                               
 1   10.10.10.1/24      10.10.10.0      ether2                                   
 2 D 192.168.18.24/24   192.168.18.0    ether5    

[admin@MikroTik] > /ip firewall export
# mar/12/2012 22:39:20 by RouterOS 5.14
# software id = UP05-81A9
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input disabled=yes dst-address=10.10.10.1 protocol=icmp
add action=accept chain=input disabled=no dst-address=10.10.10.252 protocol=\
    icmp src-address=192.168.18.0/24
/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=10.10.10.252 \
    src-address=192.168.18.0/24
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether5
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

[admin@MikroTik] > /interface print detail 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0     name="LAN (Eth1)" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520 

 1  R  name="ether2" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520 

 2     name="ether3" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520 

 3     name="ether4" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520 

 4  R  name="ether5" type="ether" mtu=1500 l2mtu=1520 max-l2mtu=1520 

 5     name="pptp-in1" type="pptp-in" 
[admin@MikroTik] >

This is my ping output from interface ether5 to 10.10.10.252, which is my laptop's IP address.

[admin@MikroTik] > /ping count=10 address=10.10.10.252 interface=ether5   
HOST                                     SIZE TTL TIME  STATUS                                                                                                               
10.10.10.252                                            timeout                                                                                                              
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
10.10.10.252                                            timeout                                                                                                              
192.168.18.1                               84  64 0ms   redirect host                                                                                                        
10.10.10.252                                            timeout                                                                                                              
10.10.10.252                                            timeout                                                                                                              
    sent=10 received=0 packet-loss=100%

If I ping 10.10.10.252 from ether2, it works. Hmm… what am I doing wrong?

If you execute ping with the interface parameter, i.e. ether5, you have already defined that this ping comes from your ether5, on which you don't have any 10.10.10.0/24 IP assigned. That's the reason you don't get any pong reply from the host 10.10.10.252.

Conversely, if you ping 10.10.10.252 via interface ether2, you have the 10.10.10.1 IP address assigned and it's in the same range as your notebook's IP address.

My goal is for any host residing behind the Linksys router (192.168.18.0/24) to be able to communicate with hosts in 10.10.10.0/24. That's why I try to ping from ether5, whose address, 192.168.18.24, is dynamically assigned by the Linksys router.
Any idea?

Could you just ping from the Linksys to your notebook to find out whether the static route works? If you choose to ping with ether5, the traffic will go out of the MikroTik from ether5. It will not go back to the router via ether5 and route to ether2, since you have already decided to use ether5 as the outgoing interface in the ping parameter.

I can ping 10.10.10.1 from the Linksys but not 10.10.10.252. It's like all the traffic to 10.10.10.252 is lost.
FYI, I can ping 10.10.10.252 from 10.10.10.1, which is the MikroTik, using Winbox.

Could you first disable all the accept actions on every chain in your firewall? Based on that configuration it should work.

People usually tell me to enable NAT masquerade. In this case I don't need it, right? Because the Linksys is feeding the internet connection, so I guess we don't need to masquerade?

In this scenario don't enable masquerade. Your traffic will not be forwarded to the notebook from the Linksys side.

Hi, just wanna report back.
The problem is solved. I don't know how I did it, it just fixed itself. :open_mouth: This router is very random lol, has anyone experienced something like I did?

I said that because when the 2-way communication between the 2 routers was solved, I tried to detach the Linksys and hook up my MikroTik directly to the ADSL modem in bridge mode. I set up PPPoE out and everything, and it was connected. Once again I tried to ping Google DNS (8.8.8.8 or 8.8.4.4) from my lappy, and it failed! :frowning: So I tried to ping from pppoe-out and it worked… At this point I messed around with the config to no avail.

I got fed up and decided to go out for a while; I was out for give or take 2 hrs. I hooked up my lappy again and to my surprise the internet connection just worked. :open_mouth: Man, this is so random. Is this the usual behavior of this router?

> I got fed up and decided to go out for a while, was out for give or take 2 hrs. I hook up my lappy again and to my surprise the internet connection has just worked. :open_mouth: man this is so random. Is this like the usual behavior of this router?

No, I never have this issue on my router. Once again, if you connect the router directly to the internet you will have to masquerade the src-nat, otherwise from the internet side they cannot find a route to your client on the LAN side. In your first scenario you didn't need NAT; with a static route it should work. For example, I have several networks behind my router, and I only need to define a static route for each network.
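Added example (not part of any post in this thread): a small Python model of the topology discussed above, tracing a packet hop by hop with longest-prefix matching to show why the Linksys needs the static route for 10.10.10.0/24 while the reply path needs none. Host A's address 192.168.18.80, the node names and the "WAN" label are assumptions; the other addresses come from the posts.

```python
import ipaddress

def build(static_route_on_linksys):
    """Constructed model of the thread's topology; next hop None = directly connected."""
    linksys = [("192.168.18.0/24", None), ("0.0.0.0/0", "WAN")]
    if static_route_on_linksys:
        linksys.append(("10.10.10.0/24", "192.168.18.24"))  # route from the thread
    return {  # node name -> (own addresses, routing table)
        "hostA": (["192.168.18.80"],  # assumed address on the Linksys LAN
                  [("192.168.18.0/24", None), ("0.0.0.0/0", "192.168.18.1")]),
        "linksys": (["192.168.18.1"], linksys),
        "rb450g": (["192.168.18.24", "10.10.10.1"],
                   [("192.168.18.0/24", None), ("10.10.10.0/24", None),
                    ("0.0.0.0/0", "192.168.18.1")]),
        "hostB": (["10.10.10.252"],
                  [("10.10.10.0/24", None), ("0.0.0.0/0", "10.10.10.1")]),
    }

def owner(nodes, addr):
    """Name of the node that holds addr, or None if no modelled node has it."""
    return next((n for n, (addrs, _) in nodes.items() if addr in addrs), None)

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop (None if directly connected)."""
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(nodes, src, dst):
    """Nodes a packet visits from src to dst; the last element is the outcome."""
    node, path = owner(nodes, src), []
    for _ in range(8):  # hop limit, guards against routing loops
        path.append(node)
        if dst in nodes[node][0]:
            return path  # delivered
        nh = lookup(nodes[node][1], dst)
        nxt = owner(nodes, dst if nh is None else nh)
        if nxt is None:
            return path + ["lost via " + (nh or "no such host")]
        node = nxt
    return path + ["loop"]

if __name__ == "__main__":
    for static in (False, True):
        nodes = build(static)
        print("static route:", static)
        print("  A -> B:", trace(nodes, "192.168.18.80", "10.10.10.252"))
        print("  B -> A:", trace(nodes, "10.10.10.252", "192.168.18.80"))
```

The forward path crosses the Linksys while the reply goes straight from the RB450G to host A, so any stateful filtering on the Linksys sees only one direction of the flow.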

Was my static route alright on my RB450G?
Now I'm switching the roles: the RB450G will dial out PPPoE to the ADSL modem via bridging mode, and the Linksys will connect to the RB450G. I want to set up a VPN using the 450G, that's why I'm switching the router roles. Hopefully everything goes smoothly.