 
firebat
Member
Member
Topic Author
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Can't ping gateway. What do I have configured wrong?

Mon Feb 26, 2007 9:22 am

This is my config:


1. RB153 with one wireless card.
2. ether1 and ether2 are disabled
3. ether3,4,5 are bridged with IP address 192.168.2.30 assigned to the Bridge1 interface.
4. WLAN1 is the single wireless card with IP 10.5.50.1/24
5. Default route is set to 192.168.2.2
6. no NAT is enabled

The bridge interface is connected to a cable modem on the 192.168.2/24 network.

Problem:
My wireless client can connect, gets assigned an IP address of 10.5.50.100 with gateway of 10.5.50.1, subnet mask of 255.255.255.0 . The client can ping the gateway 10.5.50.1 and the bridge interface 192.168.2.30. However, it can't ping 192.168.2.2 which is the cable modem attached to the bridge interface.

What do I have configured incorrectly?


RouterOS 2.9.40

# Physical Ethernet ports. ether1 and ether2 are disabled; ether3, ether4 and ether5 are
# enabled (they are the ports added to bridge1 in the "/ interface bridge port" section).
/ interface ethernet
set ether1 name="ether1" mtu=1500 mac-address=00:0C:42:0D:06:3B arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default \
speed=100Mbps comment="" disabled=yes
set ether2 name="ether2" mtu=1500 mac-address=00:0C:42:0D:06:3C arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default \
speed=100Mbps comment="" disabled=yes
set ether3 name="ether3" mtu=1500 mac-address=00:0C:42:0D:06:3D arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default \
speed=100Mbps comment="" disabled=no
set ether4 name="ether4" mtu=1500 mac-address=00:0C:42:0D:06:3E arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default \
speed=100Mbps comment="" disabled=no
set ether5 name="ether5" mtu=1500 mac-address=00:0C:42:0D:06:3F arp=enabled \
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default \
speed=100Mbps comment="" disabled=no
# wlan1 is the only wireless interface: an access point (mode=ap-bridge) on 2422 MHz with the
# factory-style SSID "MikroTik", not hidden, using security-profile=default.
# default-authentication=yes means stations that match no access-list entry may still
# associate; default-forwarding=yes allows forwarding between associated clients.
# NOTE(review): for a client-facing AP, consider default-forwarding=no so that wireless
# clients cannot reach each other directly - confirm against the intended use.
/ interface wireless
set wlan1 name="wlan1" mtu=1500 mac-address=00:80:48:41:50:80 arp=enabled disable-running-check=no \
radio-name="008048415080" mode=ap-bridge ssid="MikroTik" area="" frequency-mode=manual-txpower \
country=no_country_set antenna-gain=0 frequency=2422 band=2.4ghz-b/g scan-list=default \
rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=1Mbps \
basic-rates-a/g=6Mbps max-station-count=2007 ack-timeout=dynamic tx-power-mode=default \
noise-floor-threshold=default periodic-calibration=default periodic-calibration-interval=60 \
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none \
wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled \
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 \
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no \
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both \
compression=no allow-sharedkey=no comment="" disabled=no
# Nstreme (MikroTik's proprietary wireless protocol) is not enabled on wlan1.
/ interface wireless nstreme
set wlan1 enable-nstreme=no enable-polling=yes framer-policy=none framer-limit=3200
# Per-rate manual transmit power table: 17 for every listed rate.
/ interface wireless manual-tx-power-table
set wlan1 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:\
17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
# Wireless security profiles.
# "default" (the profile wlan1 references) is mode=static-keys-required with
# static-algo-0=104bit-wep, i.e. static WEP with a single shared key; no WPA/WPA2
# authentication types or pre-shared keys are set.
# NOTE(review): WEP gives no meaningful protection against key recovery, and static-key-0
# below is posted unredacted, unlike the passwords elsewhere in this export that are masked
# as "xxxxxx". Treat the key as compromised and change it; prefer a WPA2 pre-shared key
# (authentication-types / wpa2-pre-shared-key) if the clients support it.
/ interface wireless security-profiles
set default name="default" mode=static-keys-required authentication-types="" unicast-ciphers="" \
group-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key="" tls-mode=no-certificates \
tls-certificate=none static-algo-0=104bit-wep static-key-0="65432109876543210987654321" \
static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none \
static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" \
radius-mac-authentication=no group-key-update=5m
# "Hotspot" is mode=none with no keys: an open, unencrypted profile. wlan1 does not reference
# it in this export, so it is defined but unused here.
add name="Hotspot" mode=none authentication-types="" unicast-ciphers="" group-ciphers="" \
wpa-pre-shared-key="" wpa2-pre-shared-key="" tls-mode=no-certificates tls-certificate=none \
static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none \
static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 \
static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no \
group-key-update=5m
# Settings for the wireless alignment tool.
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00 \
filter-mac=00:00:00:00:00:00 ssid-all=no frames-per-second=25 audio-min=-100 audio-max=-20
# One access-list entry allowing a single client MAC on wlan1.
# NOTE(review): because wlan1 has default-authentication=yes, this entry does not restrict
# which other stations may associate; MAC filtering is also easy to bypass and is not a
# substitute for strong link encryption.
/ interface wireless access-list
add mac-address=00:09:7C:31:87:57 interface=wlan1 authentication=yes forwarding=yes ap-tx-limit=0 \
client-tx-limit=0 private-algo=none private-key="" comment="" disabled=no
# Settings for the wireless snooper and sniffer tools; sniffer streaming is disabled.
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no memory-limit=10 \
file-name="" file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 streaming-max-rate=0
# L2TP and PPTP servers are both disabled (enabled=no).
# NOTE(review): the L2TP authentication list includes pap, which sends the password in
# cleartext, and both lists include mschap1; trim these before ever enabling either server.
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2 \
default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30 \
default-profile=default-encryption
# bridge1 joins ether3, ether4 and ether5 into one layer-2 segment; spanning tree is off
# (stp=no). wlan1 is not a bridge port, so wireless traffic is routed, not bridged.
/ interface bridge
add name="bridge1" mtu=1500 arp=enabled stp=no priority=32768 ageing-time=5m forward-delay=15s \
garbage-collection-interval=5s hello-time=2s max-message-age=20s comment="" disabled=no
/ interface bridge port
add interface=ether3 bridge=bridge1 priority=128 path-cost=10 comment="" disabled=no
add interface=ether4 bridge=bridge1 priority=128 path-cost=10 comment="" disabled=no
add interface=ether5 bridge=bridge1 priority=128 path-cost=10 comment="" disabled=no
# Address pool handed to wireless clients (used by dhcp1 and hotspot1 below).
/ ip pool
add name="hs-pool-8" ranges=10.5.50.2-10.5.50.100
# Default IPsec proposal: SHA-1, 3DES, PFS group modp1024. No IPsec peers or policies appear
# in this export. NOTE(review): these are dated algorithm choices; revisit them if IPsec is
# ever put into use.
/ ip ipsec proposal
add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0 \
pfs-group=modp1024 disabled=no
# Single default route via the cable modem at 192.168.2.2. Without source NAT, packets from
# 10.5.50.0/24 reach the modem with their original source address, so the modem needs a
# return route for that network (the point raised in the reply on this page).
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.2 distance=1 scope=255 target-scope=10 comment="" \
disabled=no
# Both DHCP client entries are on ether1 and disabled.
/ ip dhcp-client
add interface=ether1 use-peer-dns=yes use-peer-ntp=yes comment="" disabled=yes
add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment="" disabled=yes
# DHCP server for wireless clients: 1 h leases from hs-pool-8, gateway 10.5.50.1.
/ ip dhcp-server
add name="dhcp1" interface=wlan1 lease-time=1h address-pool=hs-pool-8 bootp-support=static \
authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.5.50.0/24 gateway=10.5.50.1 netmask=24 comment="hotspot network"
# Hotspot server on wlan1 is defined but disabled (disabled=yes), so the profiles and users
# below are presumably not in effect - confirm on the running router.
/ ip hotspot
add name="hotspot1" interface=wlan1 address-pool=hs-pool-8 profile=hsprof14 idle-timeout=5m \
keepalive-timeout=none addresses-per-mac=2 disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
# Hotspot server profiles. All three use login-by=cookie,http-chap with a 3-day login cookie
# and no RADIUS. hsprof14 is the one hotspot1 references.
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" \
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
add name="hsprof14" hotspot-address=10.5.50.1 dns-name="mybroadband.com" html-directory=hotspot \
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap \
http-cookie-lifetime=3d split-user-domain=no use-radius=no
add name="hsprof15" hotspot-address=10.5.60.1 dns-name="hs.mybroadband.com" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 \
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
# Local hotspot users; the passwords appear as "xxxxxx", presumably masked by the poster
# before publishing.
/ ip hotspot user
add name="user1" password="xxxxxx" profile=default comment="" disabled=no
add name="admin" password="xxxxxx" profile=default comment="" disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m \
shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
# Web proxy is disabled (enabled=no). Its one access rule denies destination ports 23-25.
/ ip proxy
set enabled=no src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 cache-administrator="webmaster" \
max-disk-cache-size=none max-ram-cache-size=unlimited cache-only-on-disk=no \
maximal-client-connections=1000 maximal-server-connections=1000 max-object-size=4096KiB \
max-fresh-time=3d
/ ip proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" disabled=no
# IP accounting and its web access are disabled.
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Router management services. telnet, ftp, www (HTTP) and ssh are all enabled and
# address=0.0.0.0/0 places no source-address restriction on them; www-ssl is disabled.
# NOTE(review): telnet, ftp and plain HTTP carry credentials in cleartext, and no
# "/ ip firewall filter" section appears in this export, so these services look reachable
# from the wireless clients as well. Disable the ones not needed and set address= to the
# management subnet for the rest.
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
# UPnP and the SOCKS proxy are disabled.
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
# The router resolves through the cable modem (192.168.2.2). allow-remote-requests=no, so it
# does not answer DNS queries from clients.
/ ip dns
set primary-dns=192.168.2.2 secondary-dns=0.0.0.0 allow-remote-requests=no cache-size=2048KiB \
cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
# Two routed networks: 192.168.2.30/24 on bridge1 (toward the cable modem) and 10.5.50.1/24
# on wlan1 (wireless clients).
/ ip address
add address=192.168.2.30/24 network=192.168.2.0 broadcast=192.168.2.255 interface=bridge1 comment="" \
disabled=no
add address=10.5.50.1/24 network=10.5.50.0 broadcast=10.5.50.255 interface=wlan1 comment="" \
disabled=no
# Neighbor discovery is on for every interface, including the client-facing wlan1.
# NOTE(review): presumably this announces the router to wireless clients; consider
# discover=no on interfaces that face untrusted users - confirm against operational needs.
/ ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
set wlan1 discover=yes
# The only NAT rule is disabled, and its src-address=10.0.50.1 is not inside wlan1's
# 10.5.50.0/24 network, so traffic from wireless clients is not masqueraded. This matches
# the symptom in the post: clients reach 192.168.2.30 but get no replies from 192.168.2.2.
# NOTE(review): no "/ ip firewall filter" section appears in this export, i.e. no packet
# filtering rules are shown for either the input or the forward path.
/ ip firewall nat
add chain=srcnat src-address=10.0.50.1 action=masquerade comment="" disabled=yes
# Connection tracking is enabled; tcp-syncookie is off.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m \
icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
# Connection-tracking helpers: ftp, tftp, irc and quake3 are enabled; h323, gre and pptp are
# disabled.
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
# NTP server and client are both disabled, so the clock is not synchronised by NTP.
# NOTE(review): without time sync, log timestamps are hard to correlate with other systems.
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
# RouterBOOT settings: setup is entered on any key, the boot device falls back to Ethernet
# (bootp) if NAND fails, and the reset jumper is enabled.
/ system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet enter-setup-on=any-key \
cpu-mode=power-save memory-test=no cpu-frequency=175MHz boot-protocol=bootp \
enable-jumper-reset=yes
# Logging rules: info, error and warning go to memory, critical to echo. Each rule appears
# twice in this export.
/ system logging
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=info prefix="" action=memory disabled=no
add topics=error prefix="" action=memory disabled=no
add topics=warning prefix="" action=memory disabled=no
add topics=critical prefix="" action=echo disabled=no
# Log targets. The memory buffer holds 100 lines; no rule above uses the disk or remote
# action, and the remote target is left at 0.0.0.0:514.
# NOTE(review): with only a 100-line memory buffer, login and error history is short-lived;
# consider a disk or remote syslog action for anything that needs to be audited later.
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=100 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=0.0.0.0:514
# Package upgrade source on the LAN (192.168.2.40); user and password are empty in this export.
/ system upgrade upgrade-package-source
add address=192.168.2.40 user="" password=""
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=""
/ system clock manual
set time-zone=+00:00 dst-delta=+00:00 dst-start="jan/01/1970 00:00:00" dst-end="jan/01/1970 \
00:00:00"
# Watchdog reboots the router on failure; no watch-address is set, and support output files
# are generated automatically but not sent (auto-send-supout=no).
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m \
automatic-supout=yes auto-send-supout=no
# Serial console on serial0 is enabled.
/ system console
add port=serial0 term="" disabled=no
# System identity is left at "MikroTik" and the login note is empty.
/ system identity
set name="MikroTik"
/ system note
set show-at-login=yes note=""
/ port
set serial0 name="serial0" baud-rate=115200 data-bits=8 parity=none stop-bits=1 flow-control=none
# PPP profiles: "default" leaves encryption at its default; "default-encryption" sets
# use-encryption=yes and is the profile the L2TP and PPTP server settings reference.
/ ppp profile
set default name="default" use-compression=default use-vj-compression=default use-encryption=default \
only-one=default change-tcp-mss=yes comment=""
set default-encryption name="default-encryption" use-compression=default use-vj-compression=default \
use-encryption=yes only-one=default change-tcp-mss=yes comment=""
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
# Queue types: the built-in defaults plus two added types, "PCQ" (classified by source
# address) and "default-small".
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 \
red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="PCQ" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=10
# Per-interface queue assignment.
/ queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set bridge1 queue=default
set wlan1 queue=wireless-default
# One queue-tree entry under global-in using the PCQ type, with no packet mark and no limits set.
/ queue tree
add name="queue1" parent=global-in packet-mark="" limit-at=0 queue=PCQ priority=8 max-limit=0 \
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
# User Manager customers "admin" and "mikrotik", both with permissions=owner and password=""
# as exported.
# NOTE(review): other secrets in this export are masked as "xxxxxx", so these empty
# passwords may be real; if they are, set them before User Manager is exposed to clients.
/ tool user-manager customer
add subscriber=admin login="admin" password="" time-zone=+00:00 permissions=owner parent=admin \
comment="" disabled=no
add subscriber=mikrotik login="mikrotik" password="" time-zone=+00:00 permissions=owner \
parent=mikrotik comment="" disabled=no
# User Manager users; one is named after a (partly masked) MAC address and pinned to
# 10.5.50.253. Passwords are masked.
/ tool user-manager user
add subscriber=admin name="joe" password="xxxxxx" comment="" disabled=no
add subscriber=admin name="00:09:7C:31:xx:xx" password="xxxxxx" ip-address=10.5.50.253 comment="" \
disabled=no
# The router itself (192.168.2.30) is registered as a User Manager RADIUS client; the shared
# secret is masked.
/ tool user-manager router
add subscriber=admin name="admin" ip-address=192.168.2.30 shared-secret="xxxxxx" \
log=auth-ok,auth-fail,acct-fail comment="" disabled=no
# Bandwidth-test server is enabled and requires authentication.
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
# MAC-level ping responder is enabled.
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from="<>"
# Packet sniffer is configured for ether2 (a disabled port); streaming is off.
/ tool sniffer
set interface=ether2 only-headers=no memory-limit=100 file-name="" file-limit=100 \
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes filter-protocol=all-frames \
filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
# The only router login is the default "admin" account in group "full", allowed from any
# source address (address=0.0.0.0/0). The export does not show its password.
# NOTE(review): confirm that admin has a strong password and restrict address= to the
# management subnet; telnet, ftp and www are enabled for any source in "/ ip service".
/ user
add name="admin" group=full address=0.0.0.0/0 comment="system default user" disabled=no
# Permission groups: "read" and "write" exclude ftp and policy ("read" also excludes write);
# "full" grants every listed policy.
/ user group
add name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
# Router logins are not authenticated via RADIUS (use-radius=no).
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
# Dynamic routing settings. OSPF redistributes nothing and its backbone area uses
# authentication=none; the BGP instance and the RIP interface entry are disabled.
# No OSPF network or interface entries appear in this export.
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no \
redistribute-rip=no redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 \
metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none \
disabled=no
/ routing bgp instance
set default name="default" as=1 router-id=0.0.0.0 redistribute-connected=no redistribute-static=no \
redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no out-filter="" \
client-to-client-reflection=yes ignore-as-path-len=no comment="" disabled=yes
/ routing rip
set distribute-default=never redistribute-static=no redistribute-connected=no redistribute-ospf=no \
redistribute-bgp=no metric-default=1 metric-static=1 metric-connected=1 metric-ospf=1 \
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
/ routing rip interface
add interface=all receive=v2 send=v2 authentication=none authentication-key="" key-chain="" \
in-filter="" out-filter="" disabled=yes
# RADIUS client for the wireless service, pointing at the router's own bridge1 address
# (192.168.2.30); the secret is masked. The 300 ms timeout is short.
/ radius
add service=wireless called-id="" domain="" address=192.168.2.30 secret="xxxxxx" \
authentication-port=1812 accounting-port=1813 timeout=300ms accounting-backup=no realm="" \
comment="" disabled=no
# Incoming RADIUS requests are accepted on port 1700.
/ radius incoming
set accept=yes port=1700
# SNMP is enabled with the well-known community "public", readable from any address.
# NOTE(review): with no firewall filter rules in this export, any host that can reach the
# router can presumably read its SNMP data. Disable SNMP if unused, or rename the community
# and restrict address= to the monitoring host.
/ snmp
set enabled=yes contact="" location=""
/ snmp community
set public name="public" address=0.0.0.0/0 read-access=yes
[admin@MikroTik] >
 
galaxynet
Long time Member
Long time Member
Posts: 648
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Mon Feb 26, 2007 5:01 pm

Firebat -
Looking at what you have written I did not see anywhere that you mentioned having the cable modem (192.168.2.2) route your 10.5.50.1/24 network packets back to the MT router at 192.168.2.30. This would be required if you are not NATing the output packets from your MT.

Also I doubt the cable modem would know to NAT your 10.5.50.1/24 network packets as well. It was probably already programmed w/192.168.2.0/?? and is NATing these packets only....

You can test this by setting the IP of a cpu to an address in your 10.5.50.0/24 network, connect to the same interface as the MT is/would be connected to and try to do anything... I think you'll find that you can't 'go' anywhere - because of the reason given above.

So you either have to NAT the packets from 10.5.50.0/24 to a 192.168.2.XXX address before they leave your MT or program your cable router to accept packets with a 10.5.50.0/24 address and NAT them appropriately for the cable system and route the packets returning to 10.5.50.0/24 to your MT at 192.168.2.20.

Thom
 
firebat
Member
Member
Topic Author
Posts: 390
Joined: Mon Apr 11, 2005 8:38 am

Tue Feb 27, 2007 6:49 am

:oops: You are right. Not sure what I was thinking. The NATing on the outgoing interface (bridge), which is on the same subnet as the cable modem, perplexed me a bit, as the bridge interface didn't need any NAT. I went ahead and configured it and all is working OK. Thanks for the help. :)
