Community discussions

MikroTik App
 
elxer
just joined
Topic Author
Posts: 6
Joined: Wed Oct 23, 2013 6:01 pm

Unable to ping anything from ccr1072

Tue Sep 11, 2018 9:08 pm

HI, I am unable to ping any ip from mikrotik. Mac ping is working but unable to icmp anything.? Anyway to troubleshoot icmp service apart from rebooting the device?
Note: there are no firewall rules blocking icmp. It stopped working automatically.
 
sindy
Forum Guru
Forum Guru
Posts: 5320
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 9:26 pm

Try running /tool torch interface-name ip-protocol=icmp src-address=0.0.0.0/0 dst-address=0.0.0.0/0 and ping something which is accessible via that interface. If you can see only TX-PACKETS to count and RX-PACKETS stays at 0, the machine is pinging but the responses don't come (so a firewall on remote side may be the culprit); if you can see both directions to count, the responses are coming and either your firewall settings got corrupt or the software module in RouterOS responsible for pinging has a problem.

Do you have an action=accept connection-state=established,related rule as the first non-dynamic one in chain=input of /ip firewall filter?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
elxer
just joined
Topic Author
Posts: 6
Joined: Wed Oct 23, 2013 6:01 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 9:36 pm

Try running /tool torch interface-name ip-protocol=icmp src-address=0.0.0.0/0 dst-address=0.0.0.0/0 and ping something which is accessible via that interface. If you can see only TX-PACKETS to count and RX-PACKETS stays at 0, the machine is pinging but the responses don't come (so a firewall on remote side may be the culprit); if you can see both directions to count, the responses are coming and either your firewall settings got corrupt or the software module in RouterOS responsible for pinging has a problem.

Do you have an action=accept connection-state=established,related rule as the first non-dynamic one in chain=input of /ip firewall filter?
There are no firewall rules at all.
[admin@MikroTik] /ip firewall> expo
# sep/12/2018 00:01:24 by RouterOS 6.39.2
# software id = ********
#
/ip firewall connection tracking
set enabled=no
[admin@MikroTik] /ip firewall>

I am unable to ping anything so pretty sure there no issue on remote side.
Torch doesnt show either tx or rx. its blank so it seems software module which pings is the culprit. Any way to restart service responsible for ping without rebooting the whole router?
 
sindy
Forum Guru
Forum Guru
Posts: 5320
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 9:46 pm

Assuming you did run the torch in one window and ping from another one, watching the torch, then yes, this looks like the pinging module dead. And no, there is no way to restart a software module individually from RouterOS CLI or GUI, a complete reboot is the only way.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
elxer
just joined
Topic Author
Posts: 6
Joined: Wed Oct 23, 2013 6:01 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 9:50 pm

Assuming you did run the torch in one window and ping from another one, watching the torch, then yes, this looks like the pinging module dead. And no, there is no way to restart a software module individually from RouterOS CLI or GUI, a complete reboot is the only way.
Will restart the router for now. Can this be due to 100's of static route with check-gateway=ping enabled? Should i avoid using ping to check gateways?
 
sindy
Forum Guru
Forum Guru
Posts: 5320
Joined: Mon Dec 04, 2017 9:19 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 10:05 pm

I'm not a Mikrotik SW developer, but "hundreds" (i.e. less than 2000) static routes each checking its gateway using pings mean just "tens" (i.e. less than 200) of ping request/response pairs per second, and the machine should hardly notice such load. If you don't have a sound reason for staying at 6.39.2, maybe you could use the occasion to upgrade to at least 6.40.9 (bugfix) which still uses the same L2 concept like 6.39.2. As you don't have any firewall rules, I suppose the device is deep in a private network, so security patches may seem less important, but the newer version may also fix the issue you've noticed. I'd strongly recommend to generate and download a supout.rif before reboot and send it to support@mikrotik.com with issue description or a link to this topic.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
elxer
just joined
Topic Author
Posts: 6
Joined: Wed Oct 23, 2013 6:01 pm

Re: Unable to ping anything from ccr1072

Tue Sep 11, 2018 10:24 pm

I'm not a Mikrotik SW developer, but "hundreds" (i.e. less than 2000) static routes each checking its gateway using pings mean just "tens" (i.e. less than 200) of ping request/response pairs per second, and the machine should hardly notice such load. If you don't have a sound reason for staying at 6.39.2, maybe you could use the occasion to upgrade to at least 6.40.9 (bugfix) which still uses the same L2 concept like 6.39.2. As you don't have any firewall rules, I suppose the device is deep in a private network, so security patches may seem less important, but the newer version may also fix the issue you've noticed. I'd strongly recommend to generate and download a supout.rif before reboot and send it to support@mikrotik.com with issue description or a link to this topic.
Did as you said. Thanks for your time.

Who is online

Users browsing this forum: aanjaneyam, BrainPain, Google [Bot], Tdaddysimi and 64 guests