MikroTik

Posted: **Mon Feb 26, 2018 2:20 pm**

Hey everyone!

I have MikroTik wAP. I have configured hotspot, so my network diagram looks like that:

2018-02-26 12_13_32-network_diagram - draw.io.png

My Raspberry Pi is added to hotspot's "IP Bindings" section to bypass authorization.
From WinBox I can see that both my PC and Pi are connected and IP addresses assigned as shown on a diagram above.

Both devices can go online and serf internet, but I cannot access the other devices. When i try to ping from my laptop "ping 10.0.0.2" i always get "Request timed out." and from my Pi I can't ping PC(10.0.0.254) as well.

Please help me to understand what am I missing in my configurations. I am newbie to internet setups, but i think something is wrong either with routing or my firewall.

Please see my configurations(if you need anything else, ask me, i ll post it here):

[admin@MikroTik - office] /ip firewall nat> /ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                                          
 0   ;;; defconf
     10.0.0.1/24        10.0.0.0        wlan1                                                                                                                                              
 1   10.1.1.1/24        10.1.1.0        guest-wifi                                                                                                                                         
 2 D 172.30.10.94/24    172.30.10.0     ether1        

[admin@MikroTik - office] /ip firewall nat> /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          172.30.10.1               1
 1 ADC  10.0.0.0/24        10.0.0.1        wlan1                     0
 2 ADC  10.1.1.0/24        10.1.1.1        bridge-guest-wifi         0
 3 ADC  172.30.10.0/24     172.30.10.94    ether1                    0


[admin@MikroTik - office] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; allows user manager to work with local hosts
      chain=input action=accept src-address=127.0.0.0/24 log=no log-prefix="" 

 2  D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth 

 3  D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth 

 4  D chain=input action=jump jump-target=hs-input hotspot=from-client 

 5  D chain=input action=drop protocol=tcp hotspot=!from-client dst-port=64872-64875 

 6  D chain=hs-input action=jump jump-target=pre-hs-input 

 7  D chain=hs-input action=accept protocol=udp dst-port=64872 

 8  D chain=hs-input action=accept protocol=tcp dst-port=64872-64875 

 9  D chain=hs-unauth action=return dst-address=10.0.0.2 

10  D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth 

11  D chain=hs-unauth action=reject reject-with=tcp-reset protocol=tcp 

12  D chain=hs-unauth-to action=return src-address=10.0.0.2 

[code][admin@MikroTik - office] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0  D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 

 1  D chain=hotspot action=jump jump-target=pre-hotspot 

 2  D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 

 3  D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 

 4  D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=80 

 5  D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst dst-port=443 

 6  D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth 

 7  D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth 

 8  D chain=hs-unauth action=return dst-address=10.0.0.2 

 9  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80 

10  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128 

11  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080 

12  D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443 

13  D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

14  D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http 

15  D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

16 X  ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough 

17    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

18 X  ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=192.168.88.0/24 log=no log-prefix="" 

19 X  chain=srcnat action=masquerade out-interface=wlan1 log=no log-prefix=""

Posted: **Mon Feb 26, 2018 2:51 pm**

it's most likely your firewall
try to disable all filters and see if it works

Posted: **Mon Feb 26, 2018 3:56 pm**

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.

Posted: **Mon Feb 26, 2018 4:01 pm**

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.

Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/

Posted: **Mon Feb 26, 2018 4:03 pm**

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/

Not together. Do you need hotspot on the same network? Can't you run hotspot on it's own bridge away from your corporate network?

Posted: **Mon Feb 26, 2018 4:07 pm**

If you are using hotspot then you won't be able to ping between devices. Disable hotspot and you should find it will start working.
Ou, but is there any way to make it work still using hotspot? I need users connected to hotspot to be able to connect to my local web server(on static PI) :/
Not together. Do you need hotspot on the same network? Can't you run hotspot on it's own bridge away from your corporate network?

I have no preference of running them on the same network, i just thought it's possible to do. I m quite newbie in this topic. Could you please help me a little what is to be done?
Maybe at least with links where i could read up?
Thank you, Steveocee

Posted: **Mon Feb 26, 2018 4:08 pm**

if it's the firewall then you can add 2 rules:
1. allow ping from either your subnet or IP to the router (input chain on router)
2. allow ping from router to dst ip/subnet (output chain on router)

Posted: **Mon Feb 26, 2018 4:49 pm**

Do you have Default Forward enabled in wireless settings? Without it enabled, it creates client isolation.

MikroTik

Impossible to ping devices within same network

Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network

Re: Impossible to ping devices within same network