Page 1 of 1

Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 5:20 pm
by RedFoxy
Hi!
After I change my router with a Mikrotik RB760iGS I've a trouble, when I try to do a ping from my computer I recieve a 1ms response time like that I'm trying ping the router, same if I do a trace

How can I fix it?
Annotazione 2019-09-09 161927.jpg

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 5:29 pm
by Anumrak
How about to disable your PC firewall for a short period of time and try again?

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 6:25 pm
by RedFoxy
How about to disable your PC firewall for a short period of time and try again?
Already done, no change

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 6:45 pm
by BartoszP
Show configuration of your router.
I suspect that you have assigned 8.8.8.8 address to interface in your router.

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 7:19 pm
by RedFoxy
Show configuration of your router.
I suspect that you have assigned 8.8.8.8 address to interface in your router.
No I don't, I've that trouble with everything:

C:\Users\redfo>ping 1.1.1.1
Esecuzione di Ping 1.1.1.1 con 32 byte di dati:
Risposta da 1.1.1.1: byte=32 durata<1ms TTL=64
Risposta da 1.1.1.1: byte=32 durata<1ms TTL=64
Risposta da 1.1.1.1: byte=32 durata<1ms TTL=64
Risposta da 1.1.1.1: byte=32 durata<1ms TTL=64

Statistiche Ping per 1.1.1.1:
Pacchetti: Trasmessi = 4, Ricevuti = 4,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 0ms, Medio = 0ms

C:\Users\redfo>tracert 1.1.1.1
Traccia instradamento verso one.one.one.one [1.1.1.1]
su un massimo di 30 punti di passaggio:

1 <1 ms <1 ms <1 ms one.one.one.one [1.1.1.1]

C:\Users\redfo>ping master.deltacomsrl.it
Esecuzione di Ping master.deltacomsrl.it [95.211.111.216] con 32 byte di dati:
Risposta da 95.211.111.216: byte=32 durata<1ms TTL=64
Risposta da 95.211.111.216: byte=32 durata<1ms TTL=64
Risposta da 95.211.111.216: byte=32 durata<1ms TTL=64
Risposta da 95.211.111.216: byte=32 durata<1ms TTL=64

Statistiche Ping per 95.211.111.216:
Pacchetti: Trasmessi = 4, Ricevuti = 4,
Persi = 0 (0% persi),
Tempo approssimativo percorsi andata/ritorno in millisecondi:
Minimo = 0ms, Massimo = 0ms, Medio = 0ms

C:\Users\redfo>tracert master.deltacomsrl.it
Traccia instradamento verso master.deltacomsrl.it [95.211.111.216]
su un massimo di 30 punti di passaggio:

1 <1 ms <1 ms <1 ms master.deltacomsrl.it [95.211.111.216]

Traccia completata.

That's my actual config:

# sep/09/2019 18:17:07 by RouterOS 6.45.5
Conf removed

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 7:41 pm
by RedFoxy
I forgot to tell you that I need top recieve external ping on router to check if it's online by Zabbix, to do that I've a NAT rule:

/ip firewall nat
add action=dst-nat chain=dstnat comment=Ping protocol=icmp to-addresses=\
10.254.254.254

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 8:25 pm
by mkx
This NAT rule
add action=dst-nat chain=dstnat comment=Ping protocol=icmp to-addresses=10.254.254.254
grabs just any ping request regardless where it starts and what is its destination and redirects it to 10.254.254.254 (which happens to be one of router's addresses). And similar problem is present on many other DST-NAT rules.

You have to make those NAT rules more picky by including some additional filtering options, such as "dst-address=..." or "<in-interface=WAN interface>" ...

Re: Unable to ping/trace from lan

Posted: Mon Sep 09, 2019 11:20 pm
by RedFoxy
This NAT rule
add action=dst-nat chain=dstnat comment=Ping protocol=icmp to-addresses=10.254.254.254
grabs just any ping request regardless where it starts and what is its destination and redirects it to 10.254.254.254 (which happens to be one of router's addresses). And similar problem is present on many other DST-NAT rules.

You have to make those NAT rules more picky by including some additional filtering options, such as "dst-address=..." or "<in-interface=WAN interface>" ...
thank you! I noticed that just after my last post, thanks for your help!