Replies coming from Router instead of host

jakir69 · August 22, 2021, 6:36am

I have ccr router(172.21.16.1) configured as gateway for user and another mikrotik (172.21.16.2) configured as vpn server.
My scenario is ccr + vpn router + end host (172.21.16.15) connected to same switch on same vlan which is 807.

i have added an ip in vpn router from same subnet range which is in host device.
now my issue is whenever i try to arp/ping i get replies from ccr instead of the host. if i try arping i get mac flaps between the host and ccr.

usually i should be able to establish l2 connectivity between vpn router and host without ccr interference. but why am i getting replies from ccr is my question.

Note : i may not be explaining my scenario very clearly, but i am eager to share more info needed.

Thanks in advance.

k6ccc · August 23, 2021, 12:52am

Yea, hard to follow from your description. A drawing with how everything is connected would help.
Also, export your configurations and post.

jakir69 · August 24, 2021, 6:57am

here is my config

/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add comment=T1 interface=ether5 name=805 vlan-id=805
add comment=T2 interface=ether5 name=807 vlan-id=807
/interface list
add name=WAN
/queue simple
add comment=ICMP_IN max-limit=100M/100M name=ICMP_IN packet-marks=ICMP_IN
priority=1/1
add comment=ICMP_OUT max-limit=100M/100M name=ICMP_OUT packet-marks=ICMP_OUT
priority=1/1
/queue tree
add name=ICMP_IN packet-mark=ICMP_IN parent=global priority=1
add name=ICMP_OUT packet-mark=ICMP_OUT parent=global priority=1
add disabled=yes name=Browsing packet-mark=browsing-packet parent=global
priority=1 queue=default
add disabled=yes name=Download packet-mark=download-packet parent=global
priority=5 queue=default
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
/ip address
add address=172.21.15.1/24 interface=807 network=172.21.15.0
/ip firewall address-list
add address=172.21.16.0/24 list=NAT
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=log chain=forward comment=" logs rule" connection-nat-state=
srcnat,dstnat connection-state=new protocol=tcp src-address=0.0.0.0/0
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=postrouting new-packet-mark=ICMP_OUT
passthrough=no protocol=icmp
add action=mark-packet chain=prerouting new-packet-mark=ICMP_IN passthrough=
no protocol=icmp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
out-interface-list=WAN src-address-list=NAT
/ip hotspot ip-binding

add address=172.21.16.0/24

add address=0.0.0.0/0 type=blocked
/ip hotspot walled-garden
add comment=“place hotspot rules here” disabled=yes
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list !dst-port
protocol=icmp !src-address !src-address-list
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
/system scheduler
add interval=2m name=Host on-event=“/ip hotspot host remove [find authorized=n
o bypassed=no]\r
\n:local dumplist \r
\n}\r
\n” policy=read,write,test,password,sniff start-time=startup
add interval=1m name=ICMP on-event=“/queue simple move [find name="ICMP_IN"]
_[:pick [find] 0]\r
\n/queue simple move [find name="ICMP_OUT"] [:pick [find] 1]” policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=
nov/01/2015 start-time=05:58:48