Community discussions

MUM Europe 2020
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

ping not responding

Mon Dec 07, 2009 4:14 am

H i have a 1000u and /27 public subnet on wan I configured the dst and src nats also i did 1:1 mapping, Im able to do remote desktop, using the public address to local IPS, but i cant ping the address when servers connected, also did the filter rules icmp forward. Thanks in Advance..
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: ping not responding

Mon Dec 07, 2009 7:56 am

Post your firewall rules.
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

Re: ping not responding

Mon Dec 07, 2009 8:38 am

ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Added by webbox
     chain=input action=accept protocol=icmp 

 1   ;;; Added by webbox
     chain=input action=accept connection-state=established in-interface=NEPTUNO 

 2   ;;; Added by webbox
     chain=input action=accept connection-state=related in-interface=NEPTUNO 

 3   ;;; Added by webbox
     chain=input action=drop in-interface=NEPTUNO 

 4   ;;; Allow HTTP
     chain=forward action=accept protocol=tcp dst-port=80 

 5   ;;; Allow SMTP
     chain=forward action=accept protocol=tcp dst-port=25 

 6   ;;; allow TCP
     chain=forward action=accept protocol=tcp 

 7   ;;; allow ping
     chain=forward action=accept protocol=icmp 

 8   ;;; allow udp
     chain=forward action=accept protocol=udp 

 9   ;;; Allow POP-110
     chain=forward action=accept protocol=tcp dst-port=110 

10   chain=forward action=jump jump-target=icmp protocol=icmp 

11   ;;; allow echo request
     chain=icmp action=accept protocol=icmp icmp-options=8:0 

12   ;;; allow time exceed
     chain=icmp action=accept protocol=icmp icmp-options=11:0 

13   ;;; allow already established connections
     chain=icmp action=accept protocol=icmp icmp-options=3:1

14   ;;; allow source quench
     chain=icmp action=accept protocol=icmp icmp-options=4:0 

15   chain=icmp action=accept protocol=icmp icmp-options=12:0 

16   chain=icmp action=accept protocol=icmp icmp-options=12:0 

17   chain=icmp action=accept protocol=icmp icmp-options=12:0 

18   ;;; allow parameter bad
     chain=icmp action=accept protocol=icmp icmp-options=17:0 

19   chain=forward action=accept connection-state=established 

20   chain=forward action=accept connection-state=established
nat print      
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; Added by webbox
     chain=srcnat action=masquerade out-interface=NEPTUNO 

 1   chain=dstnat action=dst-nat to-addresses=11.11.11.3 to-ports=0-65535 protocol=tcp dst-address=2yy.yy.yyy.y9 dst-port=0-65535 

 2   chain=srcnat action=src-nat to-addresses=2yy.yy.yyy.y9 to-ports=0-65535 protocol=tcp src-address=11.11.11.3 src-port=0-65535 

 3   chain=srcnat action=netmap to-addresses=2yy.yy.yyy.y7 to-ports=0-65535 protocol=tcp src-address=11.11.11.1 src-port=0-65535 

 4   chain=dstnat action=netmap to-addresses=11.11.11.1 to-ports=0-65535 protocol=tcp dst-address=2yy.yy.yyy.y7 dst-port=0-65535 

 5   chain=srcnat action=src-nat to-addresses=2yy.yy.yyy.y0 to-ports=0-65535 protocol=tcp src-address=11.11.11.4 src-port=0-65535 

 6   chain=dstnat action=dst-nat to-addresses=11.11.11.4 to-ports=0-65535 protocol=tcp dst-address=2yy.yy.yyy.y0 dst-port=0-65535 

 7   chain=srcnat action=src-nat to-addresses=2yy.yy.yyy.y1 to-ports=0-65535 protocol=tcp src-address=11.11.11.5 src-port=0-65535 

 8   chain=dstnat action=dst-nat to-addresses=11.11.11.5 to-ports=0-65535 protocol=tcp dst-address=2yy.yy.yyy.y1 dst-port=0-65535 
Neptuno is gateway interface(wan), 2yy.yy.yyy.yX is public subnet/27 Thanks in advance.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5960
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ping not responding

Mon Dec 07, 2009 8:56 am

Your NAT rules clearly says protocol=tcp. Ping is not TCP protocol.
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

Re: ping not responding

Mon Dec 07, 2009 2:21 pm

but what about icmp thats ping or not
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: ping not responding

Mon Dec 07, 2009 2:52 pm

Yes, ping is ICMP, but you do not have any NAT rule to forward it.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5960
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ping not responding

Mon Dec 07, 2009 2:53 pm

Yes, ping uses ICPM protocol.
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

Re: ping not responding

Mon Dec 07, 2009 3:31 pm

so i have to do a scrnat and dst nat with protocol icmp?

Do i have to select any interface setup.? thankss
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

Re: ping not responding

Mon Dec 07, 2009 3:51 pm

i tried that and didnt workout...
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: ping not responding

Wed Dec 09, 2009 10:56 am

works for me.

make sure you have set up everything correctly
srcnat you already have, in form of masquerade rule, you have to add dstnat rule for ICMP protocol packets so packets are forwarded through the router as previous posters suggested.

here are rules i have there:
0   chain=srcnat action=masquerade out-interface=Out
1   chain=dstnat action=dst-nat to-addresses=<some internal address> protocol=tcp dst-address=<some external address>
please pay attention when you read manual on how to configure NAT and firewall in RouterOS, these features have a lot options and you can brake your networking in a blink of an eye, if you set something you dont know anything about.
 
pollo
just joined
Topic Author
Posts: 17
Joined: Tue Nov 24, 2009 1:09 am

Re: ping not responding

Wed Dec 09, 2009 2:12 pm

Thanksss.

Who is online

Users browsing this forum: No registered users and 27 guests