[SOLVED] Two subnets on different interfaces communication problem

751_communication_problem.jpg
LAN1: bridge-local (wan+lan1) with dhcp server and pool
LAN2: Ethernet-port with dhcp server and pool
Both LANs have internet access.

The problem is that I cannot ping devices from different networks (networks cannot communicate)… I can only ping the gateways.
From 10.5.28.0/24 ->> to 192.168.7.1 ping ok
From 192.168.7.0/24 ->> to 10.5.28.1 ping ok

How can I fix this? Please help…
The articles that I’ve been looking through…
http://forum.mikrotik.com/t/two-subnets-separate-interfaces-communication-fix/45027/1
http://forum.mikrotik.com/t/cant-ping-host-on-other-subnet-only-other-subets-gateway/50329/1
http://forum.mikrotik.com/t/multiple-questions-rb750/47210/1
http://forum.mikrotik.com/t/rb450g-share-wan-port-1-with-2xdhcp-1x-port2-1x-port3/57149/1

> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0 X ;;; default configuration
     address=192.168.88.1/24 network=192.168.88.0 interface=bridge-local 
     actual-interface=bridge-local 

 1   ;;; default configuration
     address=10.5.28.1/24 network=10.5.28.0 interface=bridge-local  actual-interface=bridge-local 

 2 D address=89.235.227.78/32 network=212.7.29.253 interface=STV  actual-interface=STV 

 3 D address=172.25.113.13/24 network=172.25.113.0 interface=ether1-gateway   actual-interface=ether1-gateway 

 4   address=192.168.7.1/24 network=192.168.7.0 interface=ether5-slave-local   actual-interface=ether5-slave-local



> /ip route print detail
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=212.7.29.253 
        gateway-status=212.7.29.253 reachable STV distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=10.5.28.0/24 pref-src=10.5.28.1 gateway=bridge-local 
        gateway-status=bridge-local reachable distance=0 scope=10 

 2 ADS  dst-address=172.16.0.0/12 gateway=172.25.113.1 
        gateway-status=172.25.113.1 reachable ether1-gateway distance=1 
        scope=30 target-scope=10 vrf-interface=ether1-gateway 

 3 ADC  dst-address=172.25.113.0/24 pref-src=172.25.113.13 gateway=ether1-gatewa>
        gateway-status=ether1-gateway reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.7.0/24 pref-src=192.168.7.1 
        gateway=ether5-slave-local gateway-status=ether5-slave-local reachable 
        distance=0 scope=10 

 5 ADC  dst-address=212.7.29.253/32 pref-src=89.235.227.78 gateway=STV 
        gateway-status=STV reachable distance=0 scope=10



> /interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  ;;; WIFI
       name="WLAN" type="wlan" mtu=1500 l2mtu=2290 

 1  R  ;;; WAN
       name="ether1-gateway" type="ether" mtu=1500 l2mtu=1600 

 2  R  ;;; LAN
       name="ether2-master-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2030 

 3  R  name="ether3-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2030 

 4     name="ether4-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2030 

 5  R  ;;; FREENET
       name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=2030 

 6  R  ;;; LAN AND WIFI
       name="bridge-local" type="bridge" mtu=1500 l2mtu=1598 

 7  R  ;;; PPPoE Connection
       name="STV" type="pppoe-out" mtu=1480



/ip dhcp-server> export
# jun/20/2012 14:19:07 by RouterOS 5.6
# software id = SJFD-6X9Z
#
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
    static disabled=yes interface=bridge-local lease-time=3d name=default
add address-pool=dhcp-pool authoritative=after-2sec-delay bootp-support=static \
    disabled=no interface=bridge-local lease-time=3d name=dhcp-server
add address-pool=freenet_pool authoritative=after-2sec-delay bootp-support=\
    static disabled=no interface=ether5-slave-local lease-time=3d name=\
    dhcp-freenet

/ip dhcp-server config
set store-leases-disk=5m

/ip dhcp-server network
add address=10.5.28.0/24 comment="default configuration" dns-server=10.5.28.1 \
    gateway=10.5.28.1
add address=192.168.7.0/24 dns-server=10.5.28.1 gateway=192.168.7.1

Ok so this is how routing and subnetting works

if a subnet has a destination outside of its own subnet the packets are supposed to go to the router and say here route me.


so your router gets the packet with destination 192.168.7.0/24 and the router goes hmm, hold on a second, let me look up the table (as it rubs its beard)
it goes hmm, I only have a route for the 192.168.7.0/24 network, the source computer goes YAY!!!, but the router goes BUT… I’m sorry, the only people allowed to get to this destination is “pref src”, which is actually in fact me, so that means YOU cannot get to that network… suck eggs.

So if you changed that pref source to = the source network not JUST .1 it will work
you could remove the pref source altogether, you could also enable RIP if you want to share routes to other routers etc.


So route destination 192.168.7.0/24 via gateway which you can select an interface or interface address


the reason pref src is there is so you can restrict who can access that network; in a lot of cases you don’t want every Tom, Dick and Harry connecting to any route.

IF it works I am a little low on Karma :slight_smile:

Thanks for the reply coffeecoco, but how can I change or remove it, if the entry in Route List was added automatically?
In “DAC” items I cannot change anything…

do you have RIP enabled or any other routing protocols, OSPF etc.?
I’m taking a guess you have RIP enabled? just untick all the boxes and remove them

or go to terminal, type routing > rip > export and paste it here
the D in the routes means it’s dynamic, which is usually created by a routing protocol

Here it is :slight_smile:

/routing rip> export
# jun/20/2012 13:40:09 by RouterOS 5.6
# software id = SJFD-6X9Z
#
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
    metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
    redistribute-connected=no redistribute-ospf=no redistribute-static=no \
    routing-table=main timeout-timer=3m update-timer=30s

wait, I see it. Do you really need a VRF?
if you don’t, then the VRF part is in the routes window; delete all the stuff you added, unless you need it?
a VRF allows you to create completely separate routes that are sub-managed in the router


I use them at work all the time. It’s like a separate routing zone for customers to route how they please

Here is routing ospf. All the settings should be default because it’s a brand new rb751-2hnd

/routing ospf> export
# jun/20/2012 14:11:30 by RouterOS 5.6
# software id = SJFD-6X9Z
#
/routing ospf instance
set default disabled=no distribute-default=never in-filter=ospf-in metric-bgp=\
    auto metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=\
    20 metric-static=20 name=default out-filter=ospf-out redistribute-bgp=no \
    redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no \
    redistribute-static=no router-id=0.0.0.0
/routing ospf area
set backbone area-id=0.0.0.0 disabled=no instance=default name=backbone type=\
    default

I also tried pinging from mikrotik (10.5.28.1):
->> to 192.168.7.1 gateway ping ok
->> to 192.168.7.x timeouts
->> to 10.5.28.x ping ok

yes, from the router you will be able to ping everything; the reason why one of them won’t is because you created a VRF

under routes there is a VRF tab, you might want to delete some of that stuff




then, go to the PC on the LAN you want to use to talk to the other subnets

I don’t know what you use, but for Windows it’s like this

route add 10.5.28.0 mask 255.255.255.0 192.168.7.1

I finally found the solution…one mikrotik guru told me to try this:

/ip firewall nat
# for LAN1
add action=masquerade chain=srcnat disabled=no out-interface=!bridge-local src-address=10.5.28.0/24
# for LAN2
add action=masquerade chain=srcnat disabled=no out-interface=!ether5-slave-local src-address=192.168.7.0/24

previously I’ve had such a rule:

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN

hope this will help somebody who has similar problems with subnets…
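
Added example (not code from the thread): a small Python model of the srcnat chain before and after the change above. It shows that the `out-interface=!…` match also masquerades LAN-to-LAN traffic, so hosts on the other subnet, and their logs and firewalls, see the router's address instead of the real client. Interface addresses and routes come from the printouts in the first post; the host addresses are constructed, and the old rule's `WAN` is assumed to mean the PPPoE interface `STV`.

```python
import ipaddress

# Copied from the /ip address and /ip route printouts in the first post.
IFACE_ADDR = {
    "bridge-local": "10.5.28.1",
    "ether5-slave-local": "192.168.7.1",
    "ether1-gateway": "172.25.113.13",
    "STV": "89.235.227.78",
}
ROUTES = [
    ("0.0.0.0/0", "STV"),
    ("10.5.28.0/24", "bridge-local"),
    ("172.16.0.0/12", "ether1-gateway"),
    ("172.25.113.0/24", "ether1-gateway"),
    ("192.168.7.0/24", "ether5-slave-local"),
    ("212.7.29.253/32", "STV"),
]

# srcnat masquerade rules as (src-address or None, out-interface, negated).
# Assumption: "out-interface=WAN" in the old rule refers to the PPPoE link STV.
OLD_RULES = [(None, "STV", False)]
NEW_RULES = [
    ("10.5.28.0/24", "bridge-local", True),         # out-interface=!bridge-local
    ("192.168.7.0/24", "ether5-slave-local", True), # out-interface=!ether5-slave-local
]

def out_interface(dst):
    """Pick the outgoing interface by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), i) for n, i in ROUTES]
    return max((x for x in nets if addr in x[0]), key=lambda x: x[0].prefixlen)[1]

def seen_source(src, dst, rules):
    """Source address the destination sees after the srcnat chain (first match wins)."""
    out = out_interface(dst)
    for net, iface, negated in rules:
        if net and ipaddress.ip_address(src) not in ipaddress.ip_network(net):
            continue
        if (out != iface) if negated else (out == iface):
            return IFACE_ADDR[out]  # masquerade uses the outgoing interface's address
    return src  # no rule matched: packet is routed with its original source

if __name__ == "__main__":
    # Constructed hosts: 10.5.28.50 on LAN1, 192.168.7.20 on LAN2.
    for name, rules in (("old", OLD_RULES), ("new", NEW_RULES)):
        print(name, "LAN1->LAN2 seen as", seen_source("10.5.28.50", "192.168.7.20", rules))
        print(name, "LAN2->LAN1 seen as", seen_source("192.168.7.20", "10.5.28.50", rules))
```
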

This is still not working for me, and I have tried on more than one mikrotik :cry: :cry: :cry: :cry: :cry: :cry: :cry: :cry: :cry: :cry: