Community discussions

MikroTik App
 
jakir69
just joined
Topic Author
Posts: 12
Joined: Mon Feb 06, 2017 9:00 am

Replies coming from Router instead of host

Sun Aug 22, 2021 9:36 am

I have ccr router(172.21.16.1) configured as gateway for user and another mikrotik (172.21.16.2) configured as vpn server.
My scenario is ccr + vpn router + end host (172.21.16.15) connected to same switch on same vlan which is 807.

i have added an ip in vpn router from same subnet range which is in host device.
now my issue is whenever i try to arp/ping i get replies from ccr instead of the host. if i try arping i get mac flaps between the host and ccr.

usually i should be able to establish l2 connectivity between vpn router and host without ccr interference. but why am i getting replies from ccr is my question.

Note : i may not be explaining my scenario very clearly, but i am eager to share more info needed.

Thanks in advance.
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: Replies coming from Router instead of host

Mon Aug 23, 2021 3:52 am

Yea, hard to follow from your description. A drawing with how everything is connected would help.
Also, export your configurations and post.
 
jakir69
just joined
Topic Author
Posts: 12
Joined: Mon Feb 06, 2017 9:00 am

Re: Replies coming from Router instead of host

Tue Aug 24, 2021 9:57 am

Yea, hard to follow from your description. A drawing with how everything is connected would help.
Also, export your configurations and post.
here is my config

/interface ethernet
set [ find default-name=ether1 ] comment=WAN
/interface vlan
add comment=T1 interface=ether5 name=805 vlan-id=805
add comment=T2 interface=ether5 name=807 vlan-id=807
/interface list
add name=WAN
/queue simple
add comment=ICMP_IN max-limit=100M/100M name=ICMP_IN packet-marks=ICMP_IN \
priority=1/1
add comment=ICMP_OUT max-limit=100M/100M name=ICMP_OUT packet-marks=ICMP_OUT \
priority=1/1
/queue tree
add name=ICMP_IN packet-mark=ICMP_IN parent=global priority=1
add name=ICMP_OUT packet-mark=ICMP_OUT parent=global priority=1
add disabled=yes name=Browsing packet-mark=browsing-packet parent=global \
priority=1 queue=default
add disabled=yes name=Download packet-mark=download-packet parent=global \
priority=5 queue=default
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=ether1 list=WAN
/ip address
add address=172.21.15.1/24 interface=807 network=172.21.15.0
/ip firewall address-list
add address=172.21.16.0/24 list=NAT
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=log chain=forward comment=" logs rule" connection-nat-state=\
srcnat,dstnat connection-state=new protocol=tcp src-address=0.0.0.0/0
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=postrouting new-packet-mark=ICMP_OUT \
passthrough=no protocol=icmp
add action=mark-packet chain=prerouting new-packet-mark=ICMP_IN passthrough=\
no protocol=icmp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
out-interface-list=WAN src-address-list=NAT
/ip hotspot ip-binding

add address=172.21.16.0/24

add address=0.0.0.0/0 type=blocked
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list !dst-port \
protocol=icmp !src-address !src-address-list
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
/system scheduler
add interval=2m name=Host on-event="/ip hotspot host remove [find authorized=n\
o bypassed=no]\r\
\n:local dumplist \r\
\n}\r\
\n" policy=read,write,test,password,sniff start-time=startup
add interval=1m name=ICMP on-event="/queue simple move [find name=\"ICMP_IN\"]\
\_[:pick [find] 0]\r\
\n/queue simple move [find name=\"ICMP_OUT\"] [:pick [find] 1]" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
nov/01/2015 start-time=05:58:48
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: SMARTNETTT and 32 guests