Community discussions

MikroTik App
 
o_hawchar86
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Nov 26, 2006 8:59 am

I can't ping externel Ip like my Gateway !

Sun Nov 26, 2006 9:25 am

What to Do .. ! from the router i can but outside of the router i can't !
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Sun Nov 26, 2006 5:20 pm

o_hawchar86 - for anyone to really help you - you need to give a lot more info....

IP addresses and routes would be a good start.

From your description though it sounds like you don't have route 0/0 in routing policy set to lookup table main and/or you don't have the default route ( 0/0 ) in route table main set to go to your gateway...

Could be your masqurade rule, src/dst nat rule(s) as well.

Give us some info and we'll help you out.
 
ajmal
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Jan 31, 2005 8:38 pm
Location: IN

Re: I can't ping externel Ip like my Gateway !

Sun Nov 26, 2006 7:06 pm

What to Do .. ! from the router i can but outside of the router i can't !
provide more info about ur interface/Ip.
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Sun Nov 26, 2006 9:08 pm

1) IP addresses - interface
2) routes - include policy routing rules if you have any
3) masqurade rule, src/dst nat rule(s)

Thom
 
o_hawchar86
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Nov 26, 2006 8:59 am

Mon Nov 27, 2006 7:43 am

# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 ADC 10.20.30.0/24 10.20.30.1 Network
1 ADC my ip range.152/29 my ip Cable
2 A S ;;; added by setup
0.0.0.0/0 r my gateway Cable
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Mon Nov 27, 2006 3:42 pm

o_hawchar86 -

I see from your post above that you have a dynamic IP address from your cable provider as your gateway.... I haven't used that feature of route setting to setup any of the routers that I have... I use static IPs for gateways always.
There are several posts on how to use dynamic IPs for gateways - please do a search and look at the info to make sure you are getting and using the IP address given from your cable provider correctly and getting it updated as necessary as it changes....

I have IP addresses (207.115.65.xxx/xx) routed from the Telco to my gateway 66.114.146.xxx


This is print from one of my routers... Your output (print) should be very similiar except for the actual addresses/subnet masks...if not - then there is your problem..... My last octect of IP has been removed and replaced with "xx".

Thom


Using terminal mode:

command: ip address print

# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.1/16 192.168.0.0 192.168.255.255 ether1
1 66.114.146.xxx/24 66.114.146.0 66.114.146.255 ether2


command: ip route print

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
A S 0.0.0.0/0 r 66.114.146.1 ether2


command: ip route rule print

src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=lookup table=main


command: ip firewall nat print

;;; All for now 192 to 207.115.65.xxx (this is a comment)
chain=srcnat src-address=192.168.0.0/16 action=src-nat to-addresses=207.115.65.xxx to-ports=0-65535
 
o_hawchar86
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Nov 26, 2006 8:59 am

Mon Nov 27, 2006 7:58 pm

@ galaxynet

i added
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade
now i can ping i don't know what this command means, but it works can u explain me what happened

another thing is it possible to view webproxy log in log i mean what sites are currently requested and is it possible to view most visites sites in graph tool !
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Wed Nov 29, 2006 3:49 pm

o_hawchar86 -

Basically masqurade or NAT changes the 'source' IP address of the outgoing TCP/UDP data packet. When the answering packet returns it is dst-nat'd or 'un-masquraded' back to the requesting IP address by the MT router.

What was happening before was that your MT router was sending your Internet requests with the IP address range of 10.20.30.0/24 - (your LAN Network) out of the router to your cable provider's network. The MT expected the packets to get routed by the next router upstream (Cable company). Since the cable company does not route your private IP packets they (private IP address packets) just die in transit on the cable network.

What is happening now - is that all your internal IP packets have been masquraded to the same IP address as your MT router's WAN, (from your message) "my ip range.152/29 my ip Cable". Now the cable company's router knows where to send packets from that IP range to/from - the MT knows it sent the packets out and tracks the connections. The returning packets get sent back to the requesting private address (LAN) requestor (un-masquraded if you will).

Sounds like you really need to read about TCP routing. Here on the Mikrotik site there are some excellent articles about TCP and routing - I don't remember where they posted the "References" at but I know its in the docs somewhere - perhaps FAQs?. Also the Mikrotik wiki forum has some good info.

There is a way to look at the webproxy log - I don't recall the specifics at the moment. However I do know that it only shows IP addresses not URLs. As for graphing...I don't know the answer for that - look in the MT scripting forum and see if someone has done it before...

Thom

Who is online

Users browsing this forum: Bing [Bot], Majestic-12 [Bot], mikrotak and 94 guests