Community discussions

MUM Europe 2020
 
AviX
just joined
Topic Author
Posts: 11
Joined: Sat Aug 15, 2009 11:55 am

Pinging problem across network

Mon Sep 21, 2009 10:45 pm

Hi everybody.

I have one little problem and i hope that you'll be able to help me. First let me say that you'll need picture on the link http://tinyurl.com/l3v5w3 in order to understand my problem.

Network description.

PC1 does not have wlan card so i connected it (with ethernet cable) to the Edimax wireless AP which is on client mode. So now i was able to connect to the wireless ADSL router (Zyxel 660HW) which is located in the next room. Zyxel660 is connected to the Planet WAP4000 wireless AP (keep in mind that this is only layer2 device) located on the roof of my building.

In the center of the network there is Mikrotik PC with two wlan and one ethernet interface.
1. wlan1 card is connected to the omnidirectional antenna. This interface is in ap mode and serves other clients
2. wlan2 card is connected to directional antenna (directed towards PLANET WAP4000), and this interface is in station mode

wlan1 interface and ethernet interface are added to the bridge1 interface under the same ip address 192.168.55.1/24, and wlan2 interface has address 192.168.56.2/24 and connects to the PLANET WAP4000.

PC3 is connected to the ethernet mikrotik interface, and other clients (PC2) are connecting to the wlan1 mikrotik interface (55.0/24 network)

On mikrotik i added command: ip firewall nat add chain=srcnat action=masquerade out-interface=wlan2 in order to be able to ping PC1 from PC2 (becouse WAP4000 is only layer 2 device), so mapping of 56.0/24 network to 55.0/24 network is necessary

My problem:

I can ping PC1, from PC2 and PC3 as well as all other network devices in the image, however when i try to ping PC2 from PC1 ping
fails. Why is that ? What i'm doing wrong ?

From PC1 i can ping everything except PC2 or PC3. Please help.

Tx
 
triac
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Mon Feb 07, 2005 7:35 pm
Location: Italy

Re: Pinging problem across network

Tue Sep 22, 2009 2:02 pm

Hi Avix,

I think You need a transparent bridge on your MT....

Plz read this: http://wiki.mikrotik.com/wiki/Transpare ... o_Networks
or: http://wiki.mikrotik.com/wiki/Transpare ... %28EoIP%29

I'm using WDS mode.

I hope this can help You.

Paolo
Paolo Torri
 
eneimi
Member
Member
Posts: 388
Joined: Sun Sep 09, 2007 12:55 pm

Re: Pinging problem across network

Wed Sep 23, 2009 1:41 am

You are running two separate networks and with respect to the mikrotik box: x.x.56.0/24=wan and x.x.55.0/24=lan. Problem your having is because you're trying to traverse subnets without applying the necessary rules.

Your srcnat rule ensures that when PC2 and PC3 (both on lan) are pinging PC1 (wan), they are doing so with 192.168.56.2 (wlan2 ip).
For the reverse to be possible you have to add a dstnat rule that translates the PC1 ip (wan) to a 'valid' lan ip. http://www.mikrotik.com/testdocs/ros/3.0/qos/nat.php

Another option would be along the lines of what triac said: you can use wds bridging or just regular bridging with wlan2 as station-pseudobridge. This ensures PC1, PC2 and PC3 are all on the same subnet.
 
AviX
just joined
Topic Author
Posts: 11
Joined: Sat Aug 15, 2009 11:55 am

Re: Pinging problem across network

Wed Sep 23, 2009 9:49 am

Tx 4 help. I will try all that is mentioned above, and let you know the result ;)
 
AviX
just joined
Topic Author
Posts: 11
Joined: Sat Aug 15, 2009 11:55 am

Re: Pinging problem across network

Wed Sep 23, 2009 10:45 pm

Hello again,

I added command ip firewall nat add chain=dstnat dst-adress=192.168.55.0/24 action=redirect and it was successfull. Now i am able to ping all computers, however i have new problem. I can't access to these computers using windows remote desktop connection (i was able to do that while computers were in same subnet). Any ideas ? I persume that i'll need to redirect some ports, but how to do that ?
 
eneimi
Member
Member
Posts: 388
Joined: Sun Sep 09, 2007 12:55 pm

Re: Pinging problem across network

Thu Sep 24, 2009 2:16 am

Ensure you haven't got any rules that would drop such traffic.
Use action=srcnat/action=dstnat (rather than masquerade/redirect); that will allow you specify to-addresses/to-ports. I think port 3389 is what you need to work with.

Who is online

Users browsing this forum: jasons6930 and 39 guests