netruitus

Neighbour public IP doesn't work

Mon Aug 01, 2022 3:48 pm

Hello,

I want to point it out at the start that I’m not an owner of any router running under RouterOS. I’m writing this message in the name of my good friend and neighbour which bought MikroTik RB750Gr3. He’s not experienced in MikroTik routers, neither am I, but I have a better understanding of problem and router configuration. Therefore, that’s the reason he didn’t post here himself.

We both have the same ISP, connected to the same network point and not separated by ISP (I confirmed that with ISP support). We also both have the external IP address from the same subnet. No matter which of us will host some service, everyone can reach it except we cannot reach each other. I’m getting timeout for any request to my neighbour and my neighbour gets “host unreachable” with his own public IP address when trying to reach me. Besides that, he has no issues to connect to any other IP address (at least outside the ISP subnet). ISP support suggests there is something wrong with MikroTik router’s configuration, but I’m not familiar with it and none of my ideas actually worked. I’m looking for guidance here. I can only add that the route list is correct.

Thank you in advance for any help.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 3:59 pm

What method is used?
DHCP? PPPoE? etc.?
What are the two WAN addresses? And Subnet? And Gateway?

Do not publish your real addresses,
but use, for example, at start 77.99.55.xxx/yy but the true xxx/yy for all addresses
 
tangent
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 4:30 pm

everyone can reach it except we cannot reach each other

The problem sounds analogous to the hairpin NAT problem, the difference being that it's pushed one layer out, into your ISP's border routers. The logic might be something like "If the source IP belongs to one of our customers, the destination cannot possibly be another of our customers, but only to something out on the wider Internet, so drop it, it's clearly bogus."

If that's right, only your ISP can fix this, if they even want to.

Beware that it's against the ToS for you to be doing what you're attempting with some ISPs, so making too many waves might get your account canceled. Check the rules before pursuing this.
 
tangent

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 4:33 pm

use, for example, at start 77.99.55.xxx/yy

Virtually every IPv4 address belongs to someone now. That one is part of Virgin Media UK's 77.99.0.0/16 range.

Recommend instead use of these special RFC5735 address ranges:

  • TEST-NET-1: 192.0.2.0/24
  • TEST-NET-2: 198.51.100.0/24
  • TEST-NET-3: 203.0.113.0/24

These are reserved for examples and will never be assigned to real uses.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 4:57 pm

those numbers weren't random... :wink:
 
netruitus

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:03 pm

What method is used?
DHCP? PPPoE? etc.?
What are the two WAN addresses? And Subnet? And Gateway?
Thank you for quick response.
Both routers are configured with DHCP.

Both IP addresses are xxx.xxx.xxx.xxx/22 connected to the same gateway xxx.xxx.xxx.xxx (not sure how much I should go into detail here).
everyone can reach it except we cannot reach each other

The problem sounds analogous to the hairpin NAT problem, the difference being that it's pushed one layer out, into your ISP's border routers. The logic might be something like "If the source IP belongs to one of our customers, the destination cannot possibly be another of our customers, but only to something out on the wider Internet, so drop it, it's clearly bogus."

If that's right, only your ISP can fix this, if they even want to.
Unfortunately, I was in contact with my ISP for almost an hour and they are sure there is absolutely nothing on their side to block our connection. Also, the difference in connection responses (timeout from my side vs "host unreachable" from friend's side) doesn't sound like it.
Last edited by netruitus on Wed Apr 26, 2023 10:34 am, edited 1 time in total.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:13 pm

ok same gateway.

only your wisp can unlock this for you, on two way:
1) change one IP with one on another block
2) hope the ISP have network engineer than can solve with "two routes"...
 
netruitus

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:15 pm

ok same gateway.

only your wisp can unlock this for you, on two way:
1) change one IP with one on another block
2) hope the ISP have network engineer than can solve with two routes....
So it's really nothing with MikroTik router? Even considering different network responses?
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:17 pm

But if your ISP give the same gateway for both of us, your device can't reach your friend if the ISP router have everytime the gateway IP

It's hard to explain on english, because I'm italian.

Your ISP router search your friend on... the same ethernet where is the gateway... and is the local machine
 
netruitus

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:19 pm

But if your ISP give the same gateway for both of us, your device can't reach your friend if the ISP router have everytime the gateway IP

It's hard to explain on english, because I'm italian.

Your ISP router search your friend on... the same ethernet where is the gateway... and is the local machine
I understand what you mean. Thank you.
I will wait one day, because maybe there will be yet another explanation. :) If not, I will contact my ISP once more.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:33 pm

Sorry, but I use the same method, because this way no single IP is wasted, as now IPv4s are out of stock ...

But unlike that ISP, which does not seem to me to know what it does,
if someone has such a problem, I solve it immediately,
putting the Public IPs on two different pools... nothing easier...
(trivially it would be enough to change the two gateways and leave the same Public IPs)

But.. can you reach each other via IPv6???

Just an idea... one "IPv6 tunnel" and you can reach you respective LAN or what you want...
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:40 pm

What is the difference of IP (not put the real numbers) between yours?
For example if one is 10.0.2.53 the other is 10.0.2.72 the difference is 29
 
netruitus

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:48 pm

But.. can you reach each other via IPv6???

Just an idea... one "IPv6 tunnel" and you can reach you respective LAN or what you want...
Unfortunately, my ISP doesn't support IPv6 yet...

What is the difference of IP (not put the real numbers) between yours?
For example if one is 10.0.2.53 the other is 10.0.2.72 the difference is 29
My bad. One IP is xxx.xxx.xxx.xxx and the other one is xxx.xxx.xxx.xxx. But still, they are both in the same subnet and connected to the same gateway.
Last edited by netruitus on Wed Apr 26, 2023 10:34 am, edited 1 time in total.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 6:57 pm

Your IP are static or dynamic?

The only thing that I suggest, is contact your ISP to change the IP used on another block

All ISP IPs on that block: 77.92.32.0/19 (77.92.32.0 ... 77.92.63.255)
Your pool: 77.92.52.0 ... 77.92.55.255
Ask one IP outside that pool (if possible)...

If your ISP can assign any IP outside that pool, and firewall allow communication between users, is done...
 
netruitus

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 7:02 pm

Your IP are static or dynamic?
Static, but assigned by DHCP.
Ask one IP outside that pool (if possible)...

If your ISP can assign any IP outside that pool, and firewall allow communication between users, is done...
Understood. I will contact them. They were curious what is wrong with our connections, so I assume they will be happy to try new IP address outside the pool.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 7:22 pm

Really the ISP do not figure what is the problem???


If you have 10.0.1.11/22 (/22!!!) and 10.0.0.1 as gateway, and other user have 10.0.2.22/22 and the same 10.0.0.1 gateway, what happen?

If 10.0.1.11 want contact 10.0.2.22 on internal routes are already present the dynamic-connected 10.0.0.0/22 with distance 0!!!,
and that mean than the router search the other IP not outside, like other servers,
but inside the same WAN port, like is a switch present and the other router WAN is directly connected, but is not that.... and fail.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 9:46 pm

But if your ISP give the same gateway for both of us, your device can't reach your friend if the ISP router have everytime the gateway IP
I'll try to explain it in English - when two devices are in the same subnet on an Ethernet (or similar) interface, they normally do not use any gateway to talk to each other; instead, the sender sends an ARP request "who has IP x.x.x.x" to determine the MAC address of the destination, and if it gets a response, it sends the packet to that MAC address. In access networks of most ISPs who use Ethernet with direct IP assignment (i.e. no PPPoE), customers in the same subnet are connected to the same "switch", but there is "port isolation" in place, preventing Ethernet frames to get from one customer's equipment to another (intentionally). And if the ISP is big enough, the support guy you've talked to may not even know about this. If this is indeed the root cause of your issue, what might help (it did in my case) would be to add a route to your.ip.add.ress/32 via the same gateway IP given by the ISP, because a more narrow destination (longer prefix) always overrides a wider one, no matter what the distance is. But in order that it worked, the same has to be configured also on your router, and as it is not a Mikrotik one, I have no idea whether it is possible or not.

There may also be a misconfiguration at one of the routers, so before you start finding out, I'd recommend you to run /tool sniffer quick ip-address=your.ip.add.ress ip-protocol=icmp on your friend's Mikrotik while you'll be pinging his address. If nothing arrives there, chances are high that there is the port isolation.
 
rextended

Re: Neighbour public IP doesn't work

Mon Aug 01, 2022 10:46 pm

Thanks.... :mrgreen:
 
bpwl
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Neighbour public IP doesn't work

Tue Aug 02, 2022 12:01 am

This not an easy one. Many things can be wrong, and you have no access, not even a view on the uplink network topology.

What the ISP says, is correct, or is not. I have had many "words" with ISP support, disagreeing with the helpdesk.
There was the risk of being terminated as subscription, while trying to get to the second or third level support.
It's a balancing act. Even if you have the proof in your hands, they may not agree, and see it differently.

So being careful in the communication, try to find out what the real topology is.

What can be wrong? As @sindy already explained, it is common practice to "disable port forwarding" in a switch between clients.

But there is also the IP routing protocol, that optimises on its own, based on assumptions, that may not be there;
IP routing assumes, that IP traffic, in the same subnet, coming in and going out through the same interface, could communicate directly without involving that router.
May be true, may be not true! (eg. the switch port forwarding cfr @sindy, but also the "horizon" set on routers or on bridges. (name for this is Vendor dependent)
Interfaces on a MT bridge with the same "horizon" value , will not communicate. (I do use this quite often, to make the network tree-like)
The uplink has a different horizon value, all downlink ports have the same horizon value. Nodes on the downlink ports cannot communicate with nodes on the other downlink ports. Eliminates broadcast storms, or bonjour storms, or NBT master browser elections in windows, etc etc.
The clients can only communicate over the uplink router. Who optimises, and eg. sends an ICMP redirect to the clients : "don't use this way, you can go directly without me" , what is actually not true.

How to find out? Name your connection A, your neighbors on the same subnet B.
You probably can PING A from the internet. Idem dito for B. Test it. If A cannot PING B , and B cannot PING A, then that direct communication is broken.
Well you can check in A if you get a MAC address for B , in the ARP table. You can try to send ARP requests (who has IP xxxxx?), or reverse ARP requests (what IP has yy:yy:yy:yy:yy:yy)
If no ARP can be found, then direct communication is a problem. I would not be surprised. (Cable modem ISP is all on the same cable, No problem there)
You can sniff the WAN links for ICMP messages. (redirects and others) Also then you could see broadcasts, and packets send to A or B.
Let's hope there is no asymmetric flow (A->B is not the B>A path) Stateful inspection firewalls will not allow for this, they even randomise TCP packet numbers on the fly. What prevents session spoofing.


How to solve.
As @sindy already suggested, try to get both routers with their addresses A and B , to be in different subnets, at least for what A and B thinks the subnets are.
So give them a smaller subnet than the ISP subnet. A must see B in a different subnet, and will always use the uplink router. Idem dito for B.
You may have to disable DHCP client, and copy that information manually in the WAN interface of A and B. (Let's hope the gateway does not change IP addresses over time)
You can also disable "accept-redirects (yes | no; Default: no) Whether to accept ICMP redirect messages." on A and B. But A and B must be in separate subnets , to use the gateway in the first attempt.

Proxy ARP on the gateway is in the hands of the ISP.
Static ARP in A and B using the gateway MAC for B and A IP addresses , is just trying to make A and B comm go over the gateway.

No luck? Quite possible.

Then the ICE (STUN and TURN) techniques may be required to reach each other. This techniques are using a public IP server to initiate the connection, and gradually run down the need for the IP server to be in the flow. STUN is using UDP hole punching to get through a firewall and resolve NAT. TURN will permanently use the cloud IP server. (And this works almost always)
Known providers to me are "Zerotier" and "Hamachi Logmein". "Teamviewer" is similar, just as "GoToMyPC", "VNC" be it for defeating NAT and firewalls, their initial setup should work, until the explained 'network split' has to be crossed, there it will fail. There are alternatives ... as softwares .

Maybe use Traceroute to find the sequence of routing steps for A and for B. What is common? (probably all) What steps work if they point to each other?
 
netruitus

Re: Neighbour public IP doesn't work

Tue Aug 02, 2022 2:04 pm

Maybe use Traceroute to find the sequence of routing steps for A and for B. What is common? (probably all) What steps work if they point to each other?
Regarding the rest, I will find some time today to test as much of what you suggested as it is possible.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Neighbour public IP doesn't work

Thu Aug 04, 2022 12:54 am

if someone has such a problem, I solve it immediately,
putting the Public IPs on two different pools... nothing easier...
Why not proxy ARP? What if all your customers with public addresses wanted to communicate with each other? Isn't it kind of stupid (no offence) to give customers public addresses that can be used to communicate with whole world, but not with their next-door neighbours (with public addresses from same ISP)? It's something that should work by default, shouldn't it?

My home ISP has same (or similar) problem. They don't intentionally block L3 traffic between public addresses, but they do block L2, so ARP doesn't pass. Which together with public addresses in /26 subnet results in different addresses not being able to communicate when using default config.

It doesn't bother me too much, because with RouterOS devices I have enough ways how to solve it. I can add static ARP records, target addresses with MAC address of gateway (not ideal, because it can change). Or add static routes, target addresses via gateway. Or just drop netmask and switch to point to point (/ip address add interface=WAN address=<my public address>/32 network=<address of gateway>), which is nice and clean, plus very simple, because ISP uses manual config (addresses on paper, which I like very much).

But another guy who bought some regular consumer router (it had nice big antennas) is screwed, because any "unusual" config is problem there. I've been trying to convince ISP's technician to do something about it, he seems to agree that proxy ARP would work, only he somehow didn't get to it since last year. Again, everything I need to work is ok (thanks RouterOS!), but I still don't understand why someone designs network in a way that it doesn't work automatically. Am I missing something?
 
netruitus

Re: Neighbour public IP doesn't work

Thu Aug 04, 2022 5:58 pm

We finally could check few ideas and advices, so here is what we know now:
- We were wrong about an access to my neighbours. No one can reach his server. There was misunderstanding with our mutual friend.
- My friend can expose something and reach it via public IP, even ping himself the same way. But as mentioned above, no one can do the same, no matter which network is used.
- We also tried sniffer, but no results. I checked firewall rules and ICMP is allowed.
I have no ideas besides his public IP is misconfigured on ISP side (but as I have no experience here, I might be totally wrong).
 
sindy

Re: Neighbour public IP doesn't work

Thu Aug 04, 2022 11:10 pm

I have no ideas besides his public IP is misconfigured on ISP side (but as I have no experience here, I might be totally wrong).
When he opens something like https://wtfismyip.com in a browser on the LAN of his router, does it show the address the ISP has assigned him?
 
netruitus

Re: Neighbour public IP doesn't work

Fri Aug 05, 2022 12:57 pm

I have no ideas besides his public IP is misconfigured on ISP side (but as I have no experience here, I might be totally wrong).
When he opens something like https://wtfismyip.com in a browser on the LAN of his router, does it show the address the ISP has assigned him?
Yes, it does.
 
sindy

Re: Neighbour public IP doesn't work

Fri Aug 05, 2022 1:09 pm

Yes, it does.
In that case, the setting of the IP address itself is correct. So to move ahead, post an anonymized export of the configuration of the router (change the public IP address as per my automatic signature below, remove the serial number), so that I could give you the exact command line for the sniffer to see what is going on.
 
netruitus

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 1:20 pm

In that case, the setting of the IP address itself is correct. So to move ahead, post an anonymized export of the configuration of the router (change the public IP address as per my automatic signature below, remove the serial number), so that I could give you the exact command line for the sniffer to see what is going on.
Here it is:
<REMOVED>

<ADDED>
<REMOVED>
Last edited by netruitus on Wed Apr 26, 2023 10:34 am, edited 2 times in total.
 
rextended

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 2:04 pm

@netruitus do not use 3rd party sites for monetizing, or not.
You can add any attachment you want when you make any new post,
without the explosion of banners and advertisements, whether it makes you money or not.
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 2:16 pm

I'll try to explain it in English -
What were the other options, Latin?
Oh I get it, it was a backwards slam on rextended's unique blend of communication skills.
I will drink to that........... nice one!! ;-)
 
sindy

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 2:46 pm

Note: instead of pasting the export to an external web, place it here directly into the post, between [code] and [/code] tags.

OK, so the setup is the simplest one possible.

So open a command line window (e.g. using the [New Terminal] button in Winbox), make it as wide as your screen allows, and run /tool sniffer quick interface=ether1 ip-protocol=icmp in it. Then ping the public address from your home (or from another neighbor with public address) for 10 seconds; next, ping it for another 10 seconds from somewhere else (a PC connected to a mobile hotspot). Then stop the sniffing (press Ctrl-C) and paste the output of the sniffer here (edit the IP addresses before posting).
 
netruitus

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 8:41 pm

@netruitus do not use 3rd party sites for monetizing, or not.
You can add any attachment you want when you make any new post,
without the explosion of banners and advertisements, whether it makes you money or not.
Note: instead of pasting the export to an external web, place it here directly into the post, between [code] and [/code] tags.
I'm sorry. And thank you for correcting me.
So open a command line window (e.g. using the [New Terminal] button in Winbox), make it as wide as your screen allows, and run /tool sniffer quick interface=ether1 ip-protocol=icmp in it. Then ping the public address from your home (or from another neighbor with public address) for 10 seconds; next, ping it for another 10 seconds from somewhere else (a PC connected to a mobile hotspot). Then stop the sniffing (press Ctrl-C) and paste the output of the sniffer here (edit the IP addresses before posting).
The only moment we got anything from sniffer was during pinging neighbor IP address from my mobile phone. Nothing happened when I was trying to ping him from my IP address. Here is a sniffing result:
INTERFACE                        TIME    NUM DI SRC-MAC           DST-MAC           VLAN   SRC-ADDRESS                        
ether1                         14.083     50 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         14.092     51 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        1.1.1.1                            
ether1                         14.629     52 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                          14.64     53 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        8.8.8.8                            
ether1                         15.174     54 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         15.183     55 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        1.1.1.1                            
ether1                         15.765     56 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         15.777     57 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        8.8.8.8                            
ether1                         16.297     58 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         16.307     59 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        1.1.1.1                            
ether1                         16.429     60 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        <MY MOBILE IP>                       
ether1                         16.429     61 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         16.865     62 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         16.877     63 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        8.8.8.8                            
ether1                         17.389     64 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        <MY MOBILE IP>                       
ether1                         17.389     65 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         17.429     66 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         17.439     67 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        1.1.1.1                            
ether1                         17.974     68 -> XX:XX:XX:XX:XX:XX YY:YY:YY:YY:YY:YY        <NEIGHBOR IP>                       
ether1                         17.986     69 <- YY:YY:YY:YY:YY:YY XX:XX:XX:XX:XX:XX        8.8.8.8
 
sindy

Re: Neighbour public IP doesn't work

Wed Aug 10, 2022 10:04 pm

So what @Sob and @bpwl have written above relates. The issue is with your ISP, and it may be both an intention or an incompetence, hard to say. If you also had a Mikrotik router, it might work to configure two routes, one to each half of the WAN subnet, via the gateway pushed to you by the ISP via DHCP. But not knowing anything about your own router, I cannot guess whether it is possible on it as well. I mean, it has to be done at both your and your neighbor's router, otherwise the packets would go only one way.
 
netruitus

Re: Neighbour public IP doesn't work

Thu Aug 11, 2022 11:31 am

So what @Sob and @bpwl have written above relates. The issue is with your ISP, and it may be both an intention or an incompetence, hard to say. If you also had a Mikrotik router, it might work to configure two routes, one to each half of the WAN subnet, via the gateway pushed to you by the ISP via DHCP. But not knowing anything about your own router, I cannot guess whether it is possible on it as well. I mean, it has to be done at both your and your neighbor's router, otherwise the packets would go only one way.
I have a TP-Link router on which I can set a static route, but I'm not sure if it's the same thing (screenshot from my router attached). To be honest I have no experience with routing that was suggested here. I think I will just contact my ISP hoping they will resolve this issue.
Thank you very much for help.
 
sindy

Re: Neighbour public IP doesn't work

Thu Aug 11, 2022 2:07 pm

I can set a static route, but I'm not sure if it's the same thing (screenshot from my router attached)
It seems it should work, so you can try. Assuming you get 11.22.33.25/24 as your own address with gateway 11.22.33.1, you would add two routes via WAN:
destination 11.22.33.0 mask 255.255.255.128 gateway 11.22.33.1
destination 11.22.33.128 mask 255.255.255.128 gateway 11.22.33.1
And the same at the neighbor's Mikrotik.
 
netruitus

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 1:53 pm

I can set a static route, but I'm not sure if it's the same thing (screenshot from my router attached)
It seems it should work, so you can try. Assuming you get 11.22.33.25/24 as your own address with gateway 11.22.33.1, you would add two routes via WAN:
destination 11.22.33.0 mask 255.255.255.128 gateway 11.22.33.1
destination 11.22.33.128 mask 255.255.255.128 gateway 11.22.33.1
And the same at the neighbor's Mikrotik.
May I ask if there is any difference for mask /22? I think I understand a concept, but I don't want to misconfigure it in any way.
 
sindy

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 3:02 pm

For mask /22, the last but one bit of the 3rd byte makes the difference between the two /23.

So if you understand binary<->hexadecimal<->decimal conversions, it's easy; if you don't, there are 64 possibilities:
  • if the 3rd byte of the individual address is between 0 and 3 inclusive, the prefixes will be .0.0/23 + .2.0/23
  • if the 3rd byte of the individual address is between 4 and 7 inclusive, the prefixes will be .4.0/23 + .6.0/23
    ...
  • if the 3rd byte of the individual address is between 252 and 255 inclusive, the prefixes will be .252.0/23 + .254.0/23
Or another way - divide the 3rd byte of the individual address by 4, and multiply the integer part of the result by 4 again to get the 3rd byte of the first prefix; then add 2 to the 3rd byte of the first prefix to get the 3rd byte of the second prefix.
 
netruitus

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 4:13 pm

I think I understand, but let me just ask it. If both IP addresses are in the same CIDR+1 (netmask /23 instead of /22) range, do I still need to configure two routings?
 
sindy

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 5:25 pm

If by "both addresses" you mean yours and the neighbours one, indeed it is enough to add a single route, with their common /23 as a destination.
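
The prefix arithmetic from the two replies above (splitting the /22 into two /23 halves, and needing only one route when a single half covers the peer), as an added example that is not part of the original thread. The addresses are the 10.0.x.x sample values used earlier in the thread; the function names and the simplified two-entry routing table are assumptions for illustration.

```python
import ipaddress

# Label for the dynamic connected route: the router ARPs for the destination
# on the WAN port, which fails when the access switch isolates customer ports.
DIRECT = "direct on WAN (ARP)"


def split_halves(own_cidr):
    """Return the two half-size prefixes that together cover the WAN subnet."""
    net = ipaddress.ip_interface(own_cidr).network
    if net.prefixlen >= net.max_prefixlen - 1:
        raise ValueError("subnet is too small to split into two routes")
    return list(net.subnets(prefixlen_diff=1))


def third_byte_rule(addr):
    """Divide-by-4 shortcut from the post above; only valid for a /22."""
    third = int(str(addr).split(".")[2])
    first = (third // 4) * 4
    return first, first + 2


def override_routes(own_cidr, peer=None):
    """Prefixes to route via the ISP gateway.

    Without a peer: both halves, so every address in the subnet is covered.
    With a peer: only the half containing it (the "common /23" case when the
    peer shares a half with us). Empty if the peer is outside the subnet,
    because the default route already sends that traffic to the gateway.
    """
    halves = split_halves(own_cidr)
    if peer is None:
        return halves
    peer_ip = ipaddress.ip_address(peer)
    return [half for half in halves if peer_ip in half]


def lookup(table, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst_ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def demo():
    """Next hop towards the peer before and after adding the two /23 routes."""
    own, gateway, peer = "10.0.1.11/22", "10.0.0.1", "10.0.2.22"  # sample values
    table = [
        (ipaddress.ip_interface(own).network, DIRECT),  # connected 10.0.0.0/22
        (ipaddress.ip_network("0.0.0.0/0"), gateway),   # default route
    ]
    before = lookup(table, peer)
    table += [(net, gateway) for net in override_routes(own)]
    after = lookup(table, peer)
    return before, after


if __name__ == "__main__":
    print(split_halves("10.0.1.11/22"))
    print(demo())
```

The /23 entries win because they are more specific than the connected /22, which is the "longer prefix overrides a wider one" behaviour described earlier in the thread.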
 
netruitus

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 9:55 pm

Thank you very much, it worked.
It seems my ISP added some broken routing rule which was blocking the way to contact anyone in the same subnet.
 
sindy

Re: Neighbour public IP doesn't work

Tue Aug 16, 2022 10:51 pm

Strictly speaking, I don't think it is a routing rule. It is quite common that the customers connected to the same access switch are prevented from directly sending traffic to each other, for both security reasons (device of one customer attacking devices of other customers) and bandwidth shaping reasons (which is done at the router, not on the access switch).
