mcelliers
just joined
Topic Author
Posts: 2
Joined: Fri May 11, 2018 1:25 pm

Can route to internet but not between local Subnets

Fri May 11, 2018 2:18 pm

Hi, I don't know if I am missing some setting on the RB2011 1iL-RM, because I can't route between two local subnets connected to a router.
Connecting to the internet on the same router works fine.

I have 3 separate networks connected to a Mikrotik RB2011 1iL-RM.
Subnet 1 - 10.0.3.0/24 ( Local Area network)
Subnet 2 - 10.0.16.0/24 ( Local Area network)
Subnet 3 - 10.0.0.0/30 (Link to an internet router on IP 10.0.0.1)
My Ethernet Ports are set up as follows:
ETH 2 10.0.0.2/30
ETH 3 10.0.16.1/24
ETH 4 10.0.3.1/24

The Mikrotik already created dynamic routes and I have added the following route for internet access.

0.0.0.0/0 gateway 10.0.0.1 Distance 1 (I have changed the distance to 10 just in case it takes over)

These are the dynamic routes that the Mikrotik made:
10.0.0.0/30 Ether2 reachable Distance 0
10.0.16.0/24 Ether4 reachable Distance 0
10.0.3.0/24 Ether4 reachable Distance 0

I can connect to the internet, but the Mikrotik does not route between the two local subnets (10.0.3.0/24 and 10.0.16.0/24). The Mikrotik can ping all the devices on both networks.
All devices have their gateway address set up correctly and can connect to the internet. I have opened up ICMP on all device firewalls.
Also, I have no settings yet in the Mikrotik firewall.

Is the Mikrotik routing out the wrong port?
Please assist.
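
One way to cross-check the two listings in the post above, as an added example that is not part of the original post: it compares each interface address with the connected route for the same network and reports any route that leaves through a different port. The lowercase interface names and the function names are assumptions, and the tables are copied from the post as transcribed, so a finding may reflect a transcription slip rather than the router's state.

```python
import ipaddress

# Interface addresses as listed in the opening post (names normalised).
ADDRESSES = {
    "ether2": "10.0.0.2/30",
    "ether3": "10.0.16.1/24",
    "ether4": "10.0.3.1/24",
}

# Dynamic connected routes as transcribed in the opening post.
CONNECTED_ROUTES = [
    ("10.0.0.0/30", "ether2"),
    ("10.0.16.0/24", "ether4"),
    ("10.0.3.0/24", "ether4"),
]


def expected_connected(addresses):
    """Map each connected network to the interface holding an address in it."""
    return {
        ipaddress.ip_interface(cidr).network: ifname
        for ifname, cidr in addresses.items()
    }


def check_routes(addresses, routes):
    """Return a list of findings; the list is empty when both tables agree."""
    expected = expected_connected(addresses)
    findings, seen = [], set()
    for dst, ifname in routes:
        net = ipaddress.ip_network(dst)
        seen.add(net)
        owner = expected.get(net)
        if owner is None:
            findings.append(f"{net}: route via {ifname} but no address in that network")
        elif owner != ifname:
            findings.append(f"{net}: route via {ifname} but address is on {owner}")
    for net, owner in expected.items():
        if net not in seen:
            findings.append(f"{net}: address on {owner} but no connected route")
    return findings


if __name__ == "__main__":
    for line in check_routes(ADDRESSES, CONNECTED_ROUTES) or ["consistent"]:
        print(line)
```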
 
Anumrak
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 2:42 pm

Why do you think the Tik can't route? If you see the dynamic routes of the LANs in the routing table, then it routes. Try a traceroute between hosts in different subnets. If you can see the first hop as its gateway IP and the trace stops after that, then the destination host just blocks ICMP.
Last edited by Anumrak on Fri May 11, 2018 2:51 pm, edited 1 time in total.
 
CZFan
Forum Guru
Posts: 1430
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 2:44 pm

I don't see any problem here and routing will work; maybe try disabling the firewall on the client devices and test.
MTCNA, MTCTCE, MTCRE & MTCINE
 
sindy
Forum Guru
Posts: 3885
Joined: Mon Dec 04, 2017 9:19 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 3:42 pm

When routes are present, two things to look at first:
  • the default route of the clients must be Mikrotik's IP address in the same subnet (unless you have a more complex routing configured at the clients of course)
  • firewall rules preventing packets from flowing between LANs (dropped before or after routing)

As you say that routes at clients are fine, what does /ip firewall export say?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
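
The find-and-replace step from the signature above, as an added example that is not part of the original post: it rewrites every distinct public IPv4 address in an export to `my.public.ip.N`, using the same placeholder for repeated occurrences and leaving private, unspecified and otherwise non-global addresses untouched. The function name and the sample export are constructed for illustration; only `/export hide-sensitive` and the `my.public.ip.1` pattern come from the page.

```python
import ipaddress
import re

# Dotted quads that are not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def redact_public_ips(text):
    """Return (redacted_text, mapping) with public IPv4s replaced consistently."""
    mapping = {}

    def repl(match):
        raw = match.group(1)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # looks like an address but is not a valid one
        if not addr.is_global:
            return raw  # RFC 1918, loopback, 0.0.0.0 and similar stay readable
        if raw not in mapping:
            mapping[raw] = f"my.public.ip.{len(mapping) + 1}"
        return mapping[raw]

    return IPV4_RE.sub(repl, text), mapping


# Constructed sample export, not taken from the thread.
SAMPLE_EXPORT = """\
/ip address
add address=10.0.0.2/30 interface=ether2
add address=8.8.4.4/29 interface=ether1
/ip route
add dst-address=0.0.0.0/0 gateway=8.8.4.1
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=8.8.4.4 out-interface=ether1
"""

if __name__ == "__main__":
    redacted, mapping = redact_public_ips(SAMPLE_EXPORT)
    print(redacted)
    print(mapping)
```

Keep the returned mapping private; it is what lets you translate replies that mention a placeholder back to the real address.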
 
Samot
Member Candidate
Posts: 109
Joined: Sat Nov 25, 2017 10:01 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 4:39 pm

You cannot route between subnets by default. That's the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet.

If you want 10.0.16.0/24 to route to 10.0.3.0/24 you need to create a route between them to do so. If you want the reverse you need to do the same thing in reverse. You need to tell the router that X, Y and Z subnets can route to X, Y, Z and even I (Internet) because you can tell it not to create those dynamic routes for Internet access and deny a subnet the ability to hit the Internet.
 
Anumrak
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 4:45 pm

> You cannot route between subnets by default. That's the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet.
>
> If you want 10.0.16.0/24 to route to 10.0.3.0/24 you need to create a route between them to do so. If you want the reverse you need to do the same thing in reverse. You need to tell the router that X, Y and Z subnets can route to X, Y, Z and even I (Internet) because you can tell it not to create those dynamic routes for Internet access and deny a subnet the ability to hit the Internet.

These subnets are connected to the same single router, dude. How does the router not know about them? :)
 
nickshore
Member
Posts: 472
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 4:49 pm

It is best if you export the whole config so that we can see it.

I am guessing it is related to NAT rules.

Nick
Nick Shore MTCNA MTCWE MTCRE MTCINE MTCTCE
LinITX.com - MultiThread Consultants
Get your MikroTik RBs and Training: http://linitx.com/brand/mikrotik
Official UK MikroTik Distributor
IRC chan: #routerboard on irc.z.je (IPv4 and IPv6)
 
tippenring
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 5:00 pm

> > You cannot route between subnets by default. That's the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet.
> >
> > If you want 10.0.16.0/24 to route to 10.0.3.0/24 you need to create a route between them to do so. If you want the reverse you need to do the same thing in reverse. You need to tell the router that X, Y and Z subnets can route to X, Y, Z and even I (Internet) because you can tell it not to create those dynamic routes for Internet access and deny a subnet the ability to hit the Internet.
>
> These subnets are connected to the same single router, dude. How does the router not know about them? :)

Just as an aside, I recently learned that Palo Alto does not automatically add directly connected networks to their routing tables. First time I've ever seen a device that "routes" not add a directly-connected route to its routing table.
 
mcelliers
just joined
Topic Author
Posts: 2
Joined: Fri May 11, 2018 1:25 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 5:06 pm

Hi, thank you all for the reply.

I have decided to reset the Mikrotik to factory default and started my configuration over again (it was not much config: 3 ports and 1 additional route + DHCP etc.).
Now it works (it must have just been some wrong setting somewhere that I could not see).

Both routing between subnet to subnet and subnets to internet works fine now.

Thanks again for the replies
 
Anumrak
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 5:07 pm

> > > You cannot route between subnets by default. That's the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet.
> > >
> > > If you want 10.0.16.0/24 to route to 10.0.3.0/24 you need to create a route between them to do so. If you want the reverse you need to do the same thing in reverse. You need to tell the router that X, Y and Z subnets can route to X, Y, Z and even I (Internet) because you can tell it not to create those dynamic routes for Internet access and deny a subnet the ability to hit the Internet.
> >
> > These subnets are connected to the same single router, dude. How does the router not know about them? :)
>
> Just as an aside, I recently learned that Palo Alto does not automatically add directly connected networks to their routing tables. First time I've ever seen a device that "routes" not add a directly-connected route to its routing table.

I'm talking about normal routers, not crooked.
 
Anumrak
Forum Guru
Posts: 1051
Joined: Fri Jul 28, 2017 2:53 pm

Re: Can route to internet but not between local Subnets

Fri May 11, 2018 5:09 pm

> Hi, thank you all for the reply.
>
> I have decided to reset the Mikrotik to factory default and started my configuration over again (it was not much config: 3 ports and 1 additional route + DHCP etc.).
> Now it works (it must have just been some wrong setting somewhere that I could not see).
>
> Both routing between subnet to subnet and subnets to internet works fine now.
>
> Thanks again for the replies

+ 1 unsolved case :)
