Community discussions

 
tyr76
just joined
Topic Author
Posts: 3
Joined: Thu Jul 14, 2016 6:13 pm

Basic LAN to LAN

Thu Jul 14, 2016 6:31 pm

Setup is 

RB750Gr2, 5 independent ethernet ports, WAN1 - WAN2 (PCC load) , LAN3 10.10.10.1 (10.10.10.0/29) , LAN5 192.168.0.1 (192.168.0.0/24)
Default routes for each segment, each LAN is correctly natted outside.

ISSUE --> I can't ping from 10.10.10.3 to 192.168.0.100 (whereas i can from 10.10.10.3 to 192.168.0.1)
Last firewall rule is DROP ALL
Tried to implement a forward rule for LAN3 and LAN5 but no luck (rule is placed at the top of the FW list)

Any suggestion? I feel like i'm missing a stupid thing

Thanks
 
User avatar
nickshore
Member
Member
Posts: 473
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.
Contact:

Re: Basic LAN to LAN

Thu Jul 14, 2016 6:43 pm

Have you check that the device on 192.168.0.100 has a default route of 192.168.0.1 ?

Also have you checked that your NAT rule has an out interface specified ?
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
tyr76
just joined
Topic Author
Posts: 3
Joined: Thu Jul 14, 2016 6:13 pm

Re: Basic LAN to LAN

Thu Jul 14, 2016 6:53 pm

Hi Nick!
default route on 192.168.0.100 is 192.168.0.1
NAT is done at srcnat level, rules are just 2 (as 2 are the WAN)

chain=srcnat action=masquerade out-interface=pppoe1
chain=srcnat action=masquerade out-interface=pppoe2

traffic is mangled to route packets correctly (if a packet goes outside / comes from WAN1 is marked accordingly and further packets are sent from that interface)
But this is the part which works perfectly, no LAN to WAN issues, only LAN to LAN
 
User avatar
k6ccc
Member
Member
Posts: 480
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)

Re: Basic LAN to LAN

Thu Jul 14, 2016 7:48 pm

Check your routes table.  There should be dynamic routes for each LAN port.
RB750Gr3, RB750r2, CRS326-24G-2S (in SwitchOS), CSS326-24G-2S, CSS106-5G-1S, RB260GS
Not sure if I beat them in submission, or they beat me into submission


Jim
 
tyr76
just joined
Topic Author
Posts: 3
Joined: Thu Jul 14, 2016 6:13 pm

Re: Basic LAN to LAN

Fri Jul 15, 2016 9:32 am

I've tried a traceroute (without name resolution) and found out the LANx to LANy packets are sent outwards
I fear these mangling rules are responsible

 ;;; PCC load balance
      chain=prerouting action=mark-connection new-connection-mark=wanA_conn passthrough=yes dst-address-type=!local in-interface=LAN5
      per-connection-classifier=both-addresses-and-ports:2/1 log=no log-prefix="" 

Where does RouterOS set which addresses are local and which are not?

Who is online

Users browsing this forum: No registered users and 22 guests