Community discussions

MikroTik App
 
rdisq
just joined
Topic Author
Posts: 1
Joined: Tue Nov 03, 2020 12:09 pm

Cannot ping on different subnet

Tue Nov 03, 2020 12:39 pm

Hello,
I have the situation that I want remote my CCTV (192.168.30.210) on VLAN id 30 from Ether1 (master ethernet for VLAN) but i cannot access or ping. But while I try to connect my laptop direct to VLAN id 30, its working and can ping to Ether1. And I try to create port forwarding to CCTV but not working. If you can helping my problem, I will be very glad and thank you.
Here is for the detail :

/ip address
add address=192.168.10.1/23 interface=ether1-MASTER network=192.168.10.0
add address=192.168.20.1/22 interface=VLAN20_Hotspot network=192.168.20.0
add address=210.210.162.74/30 interface=ether5 network=210.210.162.72
add address=192.168.30.1/24 interface=VLAN30_CCTV network=192.168.30.0

Note: For ether2 & ether3 is using broadband internet with dynamic IP

/interface vlan
add interface=ether1-MASTER name=VLAN20_Hotspot vlan-id=20
add interface=ether1-MASTER name=VLAN30_CCTV vlan-id=30

/ip firewall address-list
add address=210.210.XXX.XXX/30 list=public-ip
add address=182.253.XXX.XXX list=public-ip (ether3)
add address=45.126.XXX.XXX list=public-ip (ether2)
add address=192.168.10.0/23 list=lokal
add address=192.168.20.0/22 list=lokal
add address=192.168.30.0/24 list=lokal

/ip firewall mangle
add action=accept chain=prerouting dst-address-list=public-ip in-interface=\
ether1-MASTER
add action=accept chain=prerouting dst-address-list=public-ip in-interface=\
VLAN20_Hotspot
add action=mark-connection chain=input comment=\
"Incoming Connection from ether2" connection-state=new \
in-interface=ether2 new-connection-mark=traffic_ether2 \
passthrough=yes
add action=mark-connection chain=input comment=\
"Incoming Connection from ether5" connection-state=new \
in-interface=ether5 new-connection-mark=traffic_ether5 \
passthrough=yes
add action=mark-connection chain=input comment=\
"Incoming Connection from ether3" connection-state=new \
in-interface=ether3 new-connection-mark=traffic_ether3 passthrough=\
yes
add action=mark-routing chain=output connection-mark=traffic_ether2 \
new-routing-mark=to_ether2 passthrough=no
add action=mark-routing chain=output connection-mark=traffic_ether5 \
new-routing-mark=to_ether5 passthrough=no
add action=mark-routing chain=output connection-mark=traffic_ether3 \
new-routing-mark=to_ether3 passthrough=no
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface-list=LAN new-connection-mark=traffic_ether2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface-list=LAN new-connection-mark=traffic_ether3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface-list=LAN new-connection-mark=traffic_ether5 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=traffic_ether2 \
in-interface-list=LAN new-routing-mark=to_ether2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=traffic_ether3 \
in-interface-list=LAN new-routing-mark=to_ether3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=traffic_ether5 \
in-interface-list=LAN new-routing-mark=to_ether5 passthrough=no
add action=mark-packet chain=forward comment=PCQ_Upload new-packet-mark=\
UploadOffice passthrough=no src-address=192.168.10.0/23
add action=mark-packet chain=forward comment=PCQ_Download dst-address=\
192.168.10.0/23 new-packet-mark=DownloadOffice passthrough=no
add action=mark-packet chain=forward dst-address=192.168.20.0/22 \
new-packet-mark=DownloadGuest passthrough=no
add action=mark-packet chain=forward new-packet-mark=UploadGuest passthrough=\
no src-address=192.168.20.0/22
add action=accept chain=prerouting disabled=no dst-address-list=lokal \
src-address-list=lokal

/ip firewall nat
add action=masquerade chain=srcnat comment="Masquarade ether2" \
out-interface=ether2
add action=masquerade chain=srcnat comment="Masquarade Hotspot" disabled=yes \
out-interface=VLAN20_Hotspot
add action=masquerade chain=srcnat comment="Masquarade Office" disabled=yes \
out-interface=ether1-MASTER
add action=masquerade chain=srcnat comment="Masquarade Office" disabled=yes \
out-interface=VLAN30_CCTV
add action=masquerade chain=srcnat comment="Masquarade ether3" \
out-interface=ether3
add action=masquerade chain=srcnat comment="Masquarade ether5" \
out-interface=ether5
add action=dst-nat chain=dstnat disabled=yes dst-address=210.210.XXX.XXX \
dst-port=554 log=yes protocol=tcp to-addresses=192.168.30.210 to-ports=\
554
add action=dst-nat chain=dstnat disabled=yes dst-address=210.210.XXX.XXX \
dst-port=8082 log=yes protocol=tcp to-addresses=192.168.30.210 to-ports=\
80
add action=dst-nat chain=dstnat disabled=yes dst-address=210.210.XXX.XXX \
dst-port=8000 log=yes protocol=tcp to-addresses=192.168.30.210 to-ports=\
8000
add action=masquerade chain=srcnat disabled=yes
add action=masquerade chain=srcnat src-address=192.168.10.0/23
add action=masquerade chain=srcnat src-address=192.168.20.0/22
add action=masquerade chain=srcnat disabled=yes out-interface=VLAN30_CCTV
add action=masquerade chain=srcnat src-address=192.168.30.0/24

Thank you

Who is online

Users browsing this forum: No registered users and 227 guests