Trouble replacing old mikrotiks with new ones...

Hello. I am having an issue when doing an in-place upgrade of a mikrotik. My network consists of several mikrotiks chained together. Mikrotik1 receives internet from my provider, and has several LANs, one for my office network, one for a local AP/hotspot, and a third that travels over a wireless root/client bridge to supply internet to the next mikrotik. Mikrotik2 follows the same layout, with its public interface in the same subnet of the corresponding LAN of Mikrotik1, a LAN running an AP, and another linking to Mikrotik3. The dynamic routes formed when the IPs were added are used for the direct connections between mikrotiks. Also, mikrotik1 has static routes for each LAN subnet of mikrotik2, and each subnet on mikrotik3 as well. In my original network setup, each mikrotik worked fine. All the LANs on every mikrotik have internet. More importantly, I am able to remotely access devices on each mikrotik’s subnets from my location on the LAN of mikrotik1. I can access the equipment of any client connecting to any of my LANs…

My original mikrotiks were PC-based, and very unreliable. They run ROS version 2.9. I am looking to upgrade to routerboard RB750s, running version 4.10. I can pull the config from an old router, import it into the new RB750. The only part of the config that I can find that doesn’t drop into place is the mapping of each IP address to its corresponding interface. I have to take each subnet, assign it to an Ether interface, plug the appropriate cable in, and it links up.

The issue I am facing is that when I introduce a new RB750, I lose the ability to communicate with any LAN past that router. If I were to replace mikrotik2 in the example above, I would no longer be able to talk to anything on its LANs, and wouldn’t be able to communicate with mikrotik 3 at all. I am hoping for a little help in tracking down what can be causing this. I can dig up detailed examples of each router config if need be, may take a bit though…

If anybody has some advice on how to get me back to having access to my whole network, I would be grateful..

Check “/ip firewall filter” and “/ip firewall nat”. Should be no masquerades or srcnats in any but the core router (Mikrotik1). Ensure no filter rules blocking anything going back through the router.
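The check suggested in the reply above, as an added example that is not part of the original thread: a small Python audit of a RouterOS `/export` text dump that reports enabled masquerade/src-nat rules on a non-core router and enabled drop/reject rules in the forward chain. The sample export is constructed, the names `parse_export` and `audit` are hypothetical, and reading "going back through the router" as the `forward` chain is an assumption.

```python
import shlex

# Constructed sample in the style of a RouterOS "/export" (not taken from the thread).
SAMPLE_EXPORT = r'''
/ip address
add address=10.0.156.1/24 interface=ether1 comment="Public"
add address=10.0.56.254/24 interface=ether3 comment="LAN1"
/ip firewall nat
add action=masquerade chain=srcnat \
    out-interface=ether1 comment="left over from old config"
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=10.0.56.10
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=drop chain=forward in-interface=ether1
add action=drop chain=input in-interface=ether1 disabled=yes
'''

def parse_export(text):
    """Yield (section, params) for every 'add' line, joining '\\' continuations."""
    section, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # export wraps long entries with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):         # menu path, e.g. "/ip firewall nat"
            section = line
        elif line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            yield section, dict(pairs)

def audit(text, is_core_router=False):
    """Return (kind, action, interface) for each enabled rule worth reviewing."""
    findings = []
    for section, p in parse_export(text):
        if p.get("disabled") == "yes":
            continue
        # Source NAT belongs only on the core router, per the advice above.
        if section == "/ip firewall nat" and not is_core_router \
                and p.get("action") in ("masquerade", "src-nat"):
            findings.append(("nat", p["action"], p.get("out-interface", "any")))
        # Forward-chain drops can block traffic passing through the router.
        if section == "/ip firewall filter" and p.get("chain") == "forward" \
                and p.get("action") in ("drop", "reject"):
            findings.append(("filter", p["action"], p.get("in-interface", "any")))
    return findings
```

Run `audit()` on the export of each downstream router with the default `is_core_router=False`, and with `is_core_router=True` only for the router facing the ISP.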

OK, thank you for responding. I have checked a couple of the problematic routers on my network, and none of the mikrotiks between it and the internet have masquerades or src NAT, except for the router directly connected to my ISP. That router has a masquerade for every local subnet…

I am currently working on just getting connectivity through a standalone router. I have a mikrotik RB750, not connected to the internet. I have manually set it up to use the same numbers as one of the ones on my network. It is running ROS 4.10.

Interface 1=Public IP: 10.0.156.1/24 Network: 10.0.156.0 Broadcast: 10.0.156.255
Interface 3=LAN1 IP: 10.0.56.254/24 Network: 10.0.56.0 Broadcast: 10.0.56.255
Interface 4=LAN2 IP: 10.0.60.254/24 Network: 10.0.60.0 Broadcast: 10.0.60.255

Routes:

AS 0.0.0.0/0 Gateway 10.0.56.254 (reachable Public)
DAC 10.0.56.0/24 Gateway: LAN1 reachable
DAC 10.0.60.0/24 Gateway: LAN2 unreachable (nothing connected here at the moment)
DAC 10.0.156.0/24 Gateway: Public reachable

I have 3 simple queues, set to allow each subnet 2Mbps bandwidth up/down. I have added no NAT, firewall rules, or anything else. Just 3 subnets on separate interfaces, a static default route, and simple bandwidth queues for the 3 subnets.

I have a desktop with its NIC set to the IP of the mikrotik default gateway, giving the mikrotik a device that it sees as its gateway. 10.0.156.254 would, in my network, be the gateway that supplies internet to this MT; I am just using the PC to give the mikrotik the IP it expects, and a device that should be able to answer a ping request. I also have a laptop on IP 10.0.56.153, a random number on one of the 2 LANs, mimicking a client that would be connecting to this router for internet access. Both computers have their firewalls turned off, and their NICs are working. The laptop, on 10.0.56.153, can ping both the LAN1 and the Public interfaces on the mikrotik, and can ping past it to the public-side computer. The desktop, on the public address of 10.0.156.254, can ping itself, can ping the public-side interface it is connected to, and CANNOT ping either of the LAN interfaces. Nor can it ping past the router to the computer on the LAN…

I just need to be able to communicate both directions through this router, so that I could ping all the way out to the internet from the client location, or ping from one of my routers’ public side through to my client equipment. I have no idea if I am just missing something simple, or am misconfiguring along the way…