Community discussions

just joined
Topic Author
Posts: 1
Joined: Sat Feb 16, 2019 11:16 pm

accidentally separated subnets - don't know how to solve

Sat Feb 16, 2019 11:31 pm

nice day outside but i decided to spend the day with my new friend the RB450Gx4.
plan was to setup load balancing... trying to hop to the odroid that collects my logfiles, i found it unreachable!
and that never changed since! :-(
except i managed to login using the mikrotik ssh client. a routed connection is not possible.
and i have no idea what i am missing here:

my routes:
 0 ADS  dst-address= gateway= 
        gateway-status= reachable via  unitymedia distance=1 scope=30 target-scope=10 

 1 ADC  dst-address= pref-src= gateway=lan gateway-status=lan reachable 
        distance=0 scope=10 

 2 ADC  dst-address= pref-src= gateway=hall gateway-status=hall reachable 
        distance=0 scope=10 

 3 ADC  dst-address= pref-src= gateway=muebaschu 
        gateway-status=muebaschu reachable distance=0 scope=10 

 4 ADC  dst-address= pref-src= gateway=pppoe-netcologne 
        gateway-status=pppoe-netcologne reachable distance=0 scope=10 

 5 ADC  dst-address= pref-src= gateway=unitymedia 
        gateway-status=unitymedia reachable distance=0 scope=10
my firewall rules:
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 4    chain=input action=accept protocol=tcp dst-port=53 log=no 

 5    chain=input action=accept protocol=udp dst-port=53 log=no 

 6    chain=input action=accept protocol=tcp dst-port=443 log=no log-prefix="" 

 7    chain=input action=accept protocol=tcp dst-port=22 log=no log-prefix="" 

 8    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 9    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

10    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

11    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related 

12    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked 

13 X  ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

14 X  ;;; defconf:  drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat 
      in-interface-list=WAN log=yes log-prefix="LAN_!LAN" 
did some diagnistics:
[markus@MueBaSchu] /ip route> check dst-ip=                    
     status: ok
  interface: lan

[markus@MueBaSchu] /ip route> check dst-ip= src-ip=
  status: failed
any help welcome!


Who is online

Users browsing this forum: MSN [Bot] and 93 guests