
Mikrotik Switch/Routing RB750GL

Posted: Wed Feb 08, 2012 3:15 am
by swissiws
Hi all,
having a very strange issue with the above routerboard. IOS 5.12/2.38

port 1 - ip 192.168.1.254/24
port 2-5 switched - port 2 has IP 172.16.32.1/24

now,
I can ping all hosts from network 172.16.32.0/24 to 192.168.1.0/24
I can ping all hosts from network 192.168.1.0/24 to 172.16.32.0/24

I can initiate any TCP connection from network 192.168.1.0/24 to 172.16.32.0/24 hosts

BUT I can NOT initiate any TCP connection from network 172.16.32.0/24 to 192.168.1.0 hosts. As soon as a connection from a host in network 192.168.1.0/24 to a host in network 172.16.32.0 has been established, I can establish a new TCP connection from the host in the 172.16.32.0/24 net to the host in the 192.168.1.0/24 network which initially established a connection.

It looks like an ARP issue, though looking at the MT router the ARP entries of the hosts I try to reach are there. Again, ICMP is working both sites.
The MT is default setup, therefore no other filters/rules etc. installed, except as specified, IP address and routes.

I am very much on the edge of throwing something, therefore I appreciate any help! The issue is that the MT is in production, I am in the Pacific, and all other MT's with GB interface are also in production and cannot be removed.

I am wondering if somebody can verify if this is an issue with the particular board/IOS.

Thanks

Mat

Re: Mikrotik Switch/Routing RB750GL

Posted: Wed Feb 08, 2012 5:05 am
by Zebble
Interesting... Are you sure there aren't any NAT rules doing something strange?

If you want to send me a backup/export, I can test on some RB750GL's we have in stock.

Re: Mikrotik Switch/Routing RB750GL

Posted: Wed Feb 08, 2012 8:34 am
by swissiws
Nope no NAT rules - still would not explain why ICMP traffic works both ways!?

Thanks for having a look at it.

Mat

PS. please note that this is the original example and network 192.168.1.0/24 as explained above is in reality 200.200.200.0/24 due to some IT crack up.

Re: Mikrotik Switch/Routing RB750GL

Posted: Wed Feb 08, 2012 11:58 pm
by Zebble
Hi Mat,

Restored your backup to our own RB750GL and everything works as expected. I can ping both ways, and connect to a file share to/from either system.

The only things I can think of now are:

- Check that MAC addresses are valid on your equipment and on the MikroTik's interfaces (ie. I've seen strange 00:00:00:00:00:00 MAC addresses cause problems from older equipment).
- Check that you don't have a firewall enabled on either system you're trying to connect to, or if you do that ports are open and the firewall is bound to the right adapter/IP address?
- Failing that, check the Torch on Ether2 and Ether5 when you try to connect. That should tell you which direction it's breaking.
- Check your ARP table under Switch -> Host to see if you see any strange entries in there.

Keep me posted with your findings!

Re: Mikrotik Switch/Routing RB750GL

Posted: Thu Feb 09, 2012 1:47 am
by swissiws
Thanks a lot for this verification. I very much appreciate this. Oh, I guess you did test initiating the connection from the 172.16.32.0 network first, as the other way round all seems to be working, and as soon as the ARP is learned on the MT (or maybe it's ESXi) it works both ways for me too.

BTW, I am sooo not looking forward to rebooting their ESXi servers.... they have not rebooted them in over a year....

Will keep you posted.

Thanks

Mat

Re: Mikrotik Switch/Routing RB750GL

Posted: Mon Feb 13, 2012 11:11 am
by swissiws
All

I want to thank all for the effort in speeding troubleshooting up. How could I even think it might have to do with the MT router ;-) these are great products!

The issue was with prime gateway, something wrong, though, cannot reboot the device. Changing the default GW to the MikroTik router for a particular server within the 192.168.1.0/24 network solved the issue, at least temporarily.

I am just looking forward to replacing all routers with MT to get rid of such crazy issues.

Mat

Re: Mikrotik Switch/Routing RB750GL

Posted: Mon Feb 13, 2012 4:02 pm
by Zebble
Glad it worked out, and I could help!

I'd appreciate forum Karma if you think I helped enough!