Community discussions

MUM Europe 2020
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Thu Feb 22, 2018 1:15 pm

Impossible to ping devices within same network

Mon Feb 26, 2018 2:20 pm

Hey everyone!

I have MikroTik wAP. I have configured hotspot, so my network diagram looks like that:
2018-02-26 12_13_32-network_diagram - draw.io.png
My Raspberry Pi is added to hotspot's "IP Bindings" section to bypass authorization.
From WinBox I can see that both my PC and Pi are connected and IP addresses assigned as shown on a diagram above.

Both devices can go online and serf internet, but I cannot access the other devices. When i try to ping from my laptop "ping 10.0.0.2" i always get "Request timed out." and from my Pi I can't ping PC(10.0.0.254) as well.

Please help me to understand what am I missing in my configurations. I am newbie to internet setups, but i think something is wrong either with routing or my firewall.

Please see my configurations(if you need anything else, ask me, i ll post it here):
[admin@MikroTik - office] /ip firewall nat> /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                          
 0   ;;; defconf
     10.0.0.1/24        10.0.0.0        wlan1                                                                                                                                              
 1   10.1.1.1/24        10.1.1.0        guest-wifi                                                                                                                                         
 2 D 172.30.10.94/24    172.30.10.0     ether1        

[admin@MikroTik - office] /ip firewall nat> /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          172.30.10.1               1
 1 ADC  10.0.0.0/24        10.0.0.1        wlan1                     0
 2 ADC  10.1.1.0/24        10.1.1.1        bridge-guest-wifi         0
 3 ADC  172.30.10.0/24     172.30.10.94    ether1                    0


[admin@MikroTik - office] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; allows user manager to work with local hosts
      chain=input action=accept src-address=127.0.0.0/24 log=no log-prefix="" 

 2  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth 

 3  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth 

 4  D chain=input action=jump jump-target=hs-input hotspot=from-client 

 5  D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875 

 6  D chain=hs-input action=jump jump-target=pre-hs-input 

 7  D chain=hs-input action=accept protocol=udp dst-port=64872 

 8  D chain=hs-input action=accept protocol=tcp dst-port=64872-64875 

 9  D chain=hs-unauth action=return dst-address=10.0.0.2 

10  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth 

11  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp 

12  D chain=hs-unauth-to action=return src-address=10.0.0.2 

[code][admin@MikroTik - office] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 

 1  D chain=hotspot action=jump jump-target=pre-hotspot 

 2  D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 

 3  D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 

 4  D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80 

 5  D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443 

 6  D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth 

 7  D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth 

 8  D chain=hs-unauth action=return dst-address=10.0.0.2 

 9  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80 

10  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128 

11  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080 

12  D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443 

13  D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

14  D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http 

15  D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

16 X  ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough 

17    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

18 X  ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=192.168.88.0/24 log=no log-prefix="" 

19 X  chain=srcnat action=masquerade out-interface=wlan1 log=no log-prefix="" 
You do not have the required permissions to view the files attached to this post.
 
trutec
just joined
Posts: 11
Joined: Mon Mar 06, 2017 3:19 pm

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 2:51 pm

it's most likely your firewall
try to disable all filters and see if it works
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1115
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 3:56 pm

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Thu Feb 22, 2018 1:15 pm

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 4:01 pm

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1115
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 4:03 pm

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/
Not together. Do you need hotspot on the same network? Can't you run hotspot on it's own bridge away from your corporate network?
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
ilja
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Thu Feb 22, 2018 1:15 pm

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 4:07 pm

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/
Not together. Do you need hotspot on the same network? Can't you run hotspot on it's own bridge away from your corporate network?
I have no preference of running them on the same network, i just thought it's possible to do. I m quite newbie in this topic. Could you please help me a little what is to be done?
Maybe at least with links where i could read up?
Thank you, Steveocee
 
trutec
just joined
Posts: 11
Joined: Mon Mar 06, 2017 3:19 pm

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 4:08 pm

if it's the firewall then you can add 2 rules:
1. allow ping from either your subnet or IP to the router (input chain on router)
2. allow ping from router to dst ip/subnet (output chain on router)
 
2frogs
Long time Member
Long time Member
Posts: 542
Joined: Fri Dec 03, 2010 1:38 am

Re: Impossible to ping devices within same network

Mon Feb 26, 2018 4:49 pm

Do you have Default Forward enabled in wireless settings? Without it enabled, it creates client isolation.

Who is online

Users browsing this forum: allstarcomps and 26 guests