Community discussions

MikroTik App
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Can't ping different Network in Policy Routing

Sun Sep 23, 2007 7:30 am

Hello,
I just configure policy routing for 2 of my uplink from different ISP. Both are running well, but I cannot ping one network from other one. Below is my route list

ip route> rule print
Flags: X - disabled, I - inactive
0 src-address=1XX.10X.38.32/28 routing-mark=FiberNet action=lookup
table=FiberNet



ip route> print

# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 1XX.10X.38.20/30 1XX.10X.38.22 Wan
1 ADC 1XX.10X.38.32/28 1XX.10X.38.33 Lan
3 ADC 2YY.14Y.58.80/30 2YY.14Y.58.82 Wan
4 ADC 2YY.14Y.58.96/27 2YY.14Y.58.97 Lan
5 A S ;;; added by setup
0.0.0.0/0 r 2YY.14Y.58.81 Wan
6 A S ;;; added by setup
0.0.0.0/0 r 1XX.10X.38.21 Wan

ip firewall mangle> print

chain=prerouting src-address=1XX.10X.38.32/28 action=mark-routing
new-routing-mark=FiberNet passthrough=yes


From
Network 2YY.14Y.58.96/27 I cannot ping to 1XX.10X.38.32/28 and vice-versa.

Any solutions plz.

Rafiq...
 
User avatar
winxp2000
Member Candidate
Member Candidate
Posts: 113
Joined: Mon Jan 30, 2006 8:57 pm
Location: China
Contact:

Re: Can't ping different Network in Policy Routing

Sun Sep 23, 2007 9:40 pm

Could you post your firewall rules ?

MT allow ping in different line.

I think you must make some firewall rule to stop it. (May be ICMP drop)
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Can't ping different Network in Policy Routing

Mon Sep 24, 2007 11:01 am

No firewall to drop ICMP of any usefull port, where from each network (2YY.14Y.58.96/27 & 1XX.10X.38.32/28) everything is running well and fine. Both network can out and available from outside. But not accessible with each other. Where they(network) live together and sharing same room(interface & machine) but seems they are divorced(no route).

Can anyone plz help me to make their(network) relations good.

8)

Rafiq..
 
User avatar
sariao
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: Can't ping different Network in Policy Routing

Mon Sep 24, 2007 11:33 am

Do a trace route from any of your computers one computer from each segment. and post the results here.

for example, on compter from range 1XX.10X.38.32/28
tracert 2YY.14Y.58.100 -d
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Can't ping different Network in Policy Routing

Mon Sep 24, 2007 11:50 am

From Network 1XX.10X.38.32/28
tracert 2YY.14Y.58.100 -d

Tracing route to 202.148.58.102 over a maximum of 30

1 <1 ms <1 ms <1 ms 1XX.10X.38.33
2 <1 ms <1 ms <1 ms 1XX.10X.38.21
3 1 ms <1 ms <1 ms 1XX.10X.38.1
4 3 ms 2 ms 1 ms 1XX.10X.32.18

And then got IPs from 1XX.10X.38.32/28 block ISP and goes route loop.

And from 2YY.14Y.58.100

# traceroute 1XX.10X.38.42
traceroute to 1XX.10X.38.42 (1XX.10X.38.42), 30 hops max, 38 byte packets
1 2YY.14Y.58.97 (202.148.58.97) 0.205 ms 0.151 ms 0.149 ms
2 * * *
3 * * *


Rafiq...
 
litoavi
just joined
Posts: 3
Joined: Sun Aug 05, 2007 9:24 am
Location: Dhaka, Bangladesh.

Re: Can't ping different Network in Policy Routing

Mon Sep 24, 2007 12:43 pm

I think in loop and You can use Spanning tree protocol to break such type of loop.

...
Regards

Avijit
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: Can't ping different Network in Policy Routing

Mon Sep 24, 2007 4:10 pm

I think, that you have to exclude traffic betweern these subnets from policy-routing rules, then communication should work,
it should be like 'ip firewall mangle add src-address=local_subnet_1 dst-address=local_subnet_2 action=accept passtrough=no'.
Place this rule before mark-routing rules.
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Can't ping different Network in Policy Routing

Tue Sep 25, 2007 7:24 am

Dear sergejs,
I just put the following mangle rule, but things remain same. I also used pre routing chain.
ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward src-address=2YY.14Y.58.96/27 dst-address=1XX.10X.38.32/28
action=accept

Rafiq...
 
User avatar
sariao
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: Can't ping different Network in Policy Routing

Tue Sep 25, 2007 10:25 am

Dear Abab

try to disable these two records from your routing table:
0.0.0.0/0 r 2YY.14Y.58.81 Wan 
0.0.0.0/0 r 1XX.10X.38.21 Wan 
after that try tracert again, and let me know.
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Can't ping different Network in Policy Routing

Tue Sep 25, 2007 7:19 pm

Dear sariao,
Those two

0.0.0.0/0 r 2YY.14Y.58.81 Wan
0.0.0.0/0 r 1XX.10X.38.21 Wan

are my network default gateway. By disabling those causes my network down from outside. !!

Any other solutions plz.

Rafiq...
 
User avatar
sariao
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: Can't ping different Network in Policy Routing

Tue Sep 25, 2007 10:11 pm

I know these are your defualt gateways man, disable them do the trace and sumbit the results. after that you can reenable them! plus sumbit your routing table with detials and submit your NAT rule if you have so.
 
abab_rafiq
Member Candidate
Member Candidate
Topic Author
Posts: 118
Joined: Thu Aug 24, 2006 12:47 pm
Location: Dhaka

Re: Can't ping different Network in Policy Routing

Fri Sep 28, 2007 6:46 am

Dear sariao,
It is a fully running system and it is not possible to stop the system. Plz any other solutions ??

Thankx for your reply.

Rafiq...
 
User avatar
sariao
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Thu Jul 08, 2004 10:55 am
Location: Saudi Arabia

Re: Can't ping different Network in Policy Routing

Fri Sep 28, 2007 1:40 pm

Fine, then post your routing table with full details and your NAT, and Filter Rules.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], DanMos79, jvanhambelgium and 91 guests