Community discussions

MikroTik App
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Basic setup: not passing traffic.

Wed Jul 07, 2021 5:30 pm

I have been recommended to look at the MircoTik router, so I am a newbie here.
For testing purposes, I have created a test setup as attached. From the router terminal I can ping everything, also external nodes such as 8.8.8.8
But from the PC at 70.80.90.0 I can only ping the ether2/lan interface, as well as ether1/wan (192.168.0.10) but nothing beyond that.
However, if I turn NAT on, then it passes traffic. But here is the catch, I need it as a plain router, not a firewall, I need it as a border/edge router for some public IP as shown on page 2 on the attachment.
I also followed the “First time configuration” but I just end up the same place again and again. https://help.mikrotik.com/docs/display/ ... figuration

Routes:
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0 A S  0.0.0.0/0                          192.168.0.1               1
1 ADC  70.80.90.0/24      70.80.90.1      ether2                    0
2 ADC  192.168.0.0/24     192.168.0.10    ether1                    0
Any suggestions?
Thanks FV
You do not have the required permissions to view the files attached to this post.
 
txfz
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Tue Mar 10, 2020 9:02 am

Re: Basic setup: not passing traffic.

Fri Jul 09, 2021 4:56 pm

You need to configure your EdgeRouter so that it knows where to forward traffic for 70.80.90.0/24.
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Re: Basic setup: not passing traffic.

Fri Jul 09, 2021 5:41 pm

Well even if i change the default gateway on pc 192.168.0.100 to point at 192.168.0.10, i can't ping from 70.80.90.100 > 192.168.0.100 unless i turn NAT on. So its just not only the retur route there is an issue.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: Basic setup: not passing traffic.

Fri Jul 09, 2021 7:53 pm

Just to show you what the possibilities are for Mikrotik and Ubiquiti and Cisco combinations.
My Network.jpg
You do not have the required permissions to view the files attached to this post.
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Re: Basic setup: not passing traffic.

Tue Jul 13, 2021 11:58 am

Just to show you what the possibilities are for Mikrotik and Ubiquiti and Cisco combinations.My Network.jpg
I have no doubt, that there are almost endless combinations with MicroTik and other vendors, such as Cisco and Ubiquiti.
But I can’t see how your schematic would help or enlighten me? I clearly have something misconfigured, which I’m trying to locate.
 
User avatar
JazzMaster
Member Candidate
Member Candidate
Posts: 115
Joined: Wed Jan 16, 2019 7:18 pm
Location: Evansville, Indiana , USA

Re: Basic setup: not passing traffic.

Wed Jul 14, 2021 11:05 pm

Just to show you what the possibilities are for Mikrotik and Ubiquiti and Cisco combinations.My Network.jpg
I have no doubt, that there are almost endless combinations with MicroTik and other vendors, such as Cisco and Ubiquiti.
But I can’t see how your schematic would help or enlighten me? I clearly have something misconfigured, which I’m trying to locate.
I would like to see if I can guide you through your problem. One question I do have is: Is this for a single building with multiple floors and offices?
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Re: Basic setup: not passing traffic.

Wed Jul 21, 2021 10:55 pm

Just to show you what the possibilities are for Mikrotik and Ubiquiti and Cisco combinations.My Network.jpg
I have no doubt, that there are almost endless combinations with MicroTik and other vendors, such as Cisco and Ubiquiti.
But I can’t see how your schematic would help or enlighten me? I clearly have something misconfigured, which I’m trying to locate.
I would like to see if I can guide you through your problem. One question I do have is: Is this for a single building with multiple floors and offices?
Much appreciated!
You can consider it one building (sort of). The reason for splitting it out to several sub-routers, is that for example the company providing heating control, they get their own external IP, their own router and they are totally isolated from the company providing access control and so if. That way I don’t have to be involved if they want to set up, lets say, vpn to their own solution.
 
dmitris
Member Candidate
Member Candidate
Posts: 127
Joined: Mon Oct 09, 2017 1:08 pm

Re: Basic setup: not passing traffic.

Thu Jul 22, 2021 4:33 pm

It's expected behaviour in your testing environment, because you are using public ip range (70.80.90.0/24) behind rfc1918 network 192.168.0.0/24 there is no way that it will pass to wan without NAT.
It will work as router, when you establish your border router with 70.80.90.1/28 ip and connect to them others edge routers.
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Re: Basic setup: not passing traffic.

Thu Jul 22, 2021 8:44 pm

It's expected behaviour in your testing environment, because you are using public ip range (70.80.90.0/24) behind rfc1918 network 192.168.0.0/24 there is no way that it will pass to wan without NAT.
It will work as router, when you establish your border router with 70.80.90.1/28 ip and connect to them others edge routers.
If you take the real world example (with real IPs) in the document, there i have the same problem. Furthermore, if a router disallow a rfc1918 network, there is normaly a function to turn it off/on. I havent found this on the RouterOS
So if i apply it to the IPS connection, i have the very same problem.
 
dmitris
Member Candidate
Member Candidate
Posts: 127
Joined: Mon Oct 09, 2017 1:08 pm

Re: Basic setup: not passing traffic.

Thu Jul 22, 2021 10:00 pm

You didn't provide much information, so it's hard to help you...
You didn't specify how your ISP will share 16 prefixes with you? BGP? PtP + static route? Something else?

Let's assume that you have second variant......
1. Specify on border router default gateway towards ISP upstream, do not apply fw on forward chain.
2. On edge routers specify default gateway towards border router + NAT for private LAN + fw(input/forward).
This is enough to get working your real life example.
 
FranzVon
just joined
Topic Author
Posts: 6
Joined: Tue Jul 06, 2021 1:35 am

Re: Basic setup: not passing traffic.

Thu Jul 22, 2021 11:56 pm

You didn't provide much information, so it's hard to help you...
You didn't specify how your ISP will share 16 prefixes with you? BGP? PtP + static route? Something else?

Let's assume that you have second variant......
1. Specify on border router default gateway towards ISP upstream, do not apply fw on forward chain.
2. On edge routers specify default gateway towards border router + NAT for private LAN + fw(input/forward).
This is enough to get working your real life example.
I assume the ISP provide them as a static route, as nothing is mentioned. Also, the last thing you see, when you trace from the internet towards inner public network, is the /30 addr.
I have even scaled down the test to a bare minimum, two web-servers and a router, see below. And if it’s a pure router, then I should be able to pass traffic when the routes are set up. Perhaps I have misunderstood basic setup? (system reset and no default config)
You do not have the required permissions to view the files attached to this post.
 
dmitris
Member Candidate
Member Candidate
Posts: 127
Joined: Mon Oct 09, 2017 1:08 pm

Re: Basic setup: not passing traffic.

Fri Jul 23, 2021 9:46 am

So what i can say...70.80.90.100 not from 70.80.90.1/28 subnet, so they can't talk to each other, also check twice that you configured correct subnet prefixes/masks everywhere.

Who is online

Users browsing this forum: No registered users and 55 guests