Hi All
I have an issue with an additional public IP pool on my Mikrotik RB 2011UiAS with OS: 6.43.8
I do not receive answers to pings sent to the additional public IP pool from the internet.
Here are details:
Primary IP: XXX.XXX.34.134 mask 255.255.255.252 on port ether1
Additional Public pool: YYY.YYY.46.128 /29 configured on lan side, ether 8 port:
Settings of "address":
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf_MGMT_LAN
192.168.66.1/24 192.168.66.0 ether2
1 ;;; WAN IP
XXX.XXX.34.134/30 XXX.XXX.34.132 ether1
2 ;;; Public_WIFI
10.10.10.1/23 10.10.10.0 VLAN_WIFI_CS
3 ;;; S_WIFI
192.168.75.1/24 192.168.75.0 VLAN_SANDBOX_WIFI
4 ;;; Public_IP_POOL
YYY.YYY.46.129/29 YYY.YYY.46.128 ether8
Settings of "Routes":
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 XXX.XXX.34.133 1
1 ADC 10.10.10.0/23 10.10.10.1 VLAN_WIFI_CS 0
2 ADC XXX.XXX.34.132/30 XXX.XXX.34.134 ether1 0
3 ADC YYY.YYY.46.128/29 XXX.XXX.46.129 ether8 0
4 ADC 192.168.66.0/24 192.168.66.1 bridge 0
5 ADC 192.168.75.0/24 192.168.75.1 VLAN_SANDBOX_WIFI 0
Public IP Pool is excluded from masquerade:
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: MASQUERADE ALL LAN with bypass for public IP_POOL
chain=srcnat action=masquerade src-address=!YYY.YYY.46.128/29
out-interface-list=WAN log=no log-prefix="" ipsec-policy=out,none
Port ether 8 is excluded from the bridge.
To port 8 I have connected a PC with one of the public IPs: YYY.YYY.46.130 and gw YYY.YYY.46.129. Internet is working fine. I’m going out with the assigned IP (YYY.YYY.46.130 checked with-> https://www.whatismyip.com/what-is-my-p ... p-address/). I can send pings, all is OK.
But when I try to ping this PC (YYY.YYY.46.130) from outside, I receive a timeout.
When I send a ping to YYY.YYY.46.129, I receive an answer.
Moreover, when I send a ping from the Mikrotik terminal, there is an answer from the PC with YYY.YYY.46.130.
TORCH on port Ether 8, when I’m sending pings from outside to YYY.YYY.46.130 -> screen in attachment
TORCH on port Ether 1 when I’m sending pings from outside to YYY.YYY.46.130 - screen in attachment
I also created two firewall rules to allow traffic to the affected IP pool. The counters for these rules are showing traffic going through.
[admin@MikroTik] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Public_IP_POOL_IN
chain=forward action=accept dst-address=YYY.YYY.46.128/29
in-interface=ether1 out-interface=ether8 log=no log-prefix=""
1 ;;; Public_IP_POOL_OUT
chain=forward action=accept src-address=YYY.YYY.46.128/29
in-interface=ether8 out-interface=ether1 log=no log-prefix=""
Any idea what can be wrong?
Thank you in advance