Can't ping between devices in different networks

mmunoz · Sat Aug 20, 2022 8:29 pm

Hi, I have two routers (Router 1 in LAN 192.168.2.0/24 and Router 2 in LAN 192.168.3.0/24). Both routers are connected from mikrotik interfaces to each WAN router port and static IP.

Router 1 WAN IP: 172.17.0.10/16 (Gateway 172.17.0.1)
Router 2 WAN IP: 172.16.0.10/16 (Gateway 172.16.0.1)

Devices connected in each router has internet connection and I can access to mikrotik from winbox, but I can't ping from 192.168.3.10 to 192.168.2.10.

# aug/20/2022 14:18:28 by RouterOS 6.47.9
# software id = T3VF-7XUI
#
# model = RB750Gr3
# serial number = xxx
/interface ethernet
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment="Surveillance (Cameras)"
set [ find default-name=ether3 ] comment="Points of Sale"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface pptp-server server
set enabled=yes
/ip address
add address=172.16.0.1/16 comment="Surveillance Network" interface=ether2 \
    network=172.16.0.0
add address=172.17.0.1/16 comment="Point of Sales" interface=ether3 network=\
    172.17.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment="WAN Dynamic IP" disabled=no interface=ether1
/ip firewall address-list
add address=192.168.2.0/24 comment="Point of Sales Network" list=Proton_LAN
add address=192.168.3.0/24 comment="Surveillance Network" list=Proton_LAN
/ip firewall filter
add action=accept chain=forward comment="Internal communication between LANs" \
    dst-address-list=Proton_LAN protocol=tcp src-address-list=Proton_LAN
/ip firewall nat
add action=masquerade chain=srcnat dst-address=0.0.0.0/0 out-interface=ether1
/ip route
add comment="Point of Sales Network" distance=1 dst-address=192.168.2.0/24 \
    gateway=ether3
add comment="Surveillance Network" distance=1 dst-address=192.168.3.0/24 \
    gateway=ether2
/system clock
set time-zone-name=America/Argentina/Buenos_Aires
/system identity
set name="LTDA aM"

Thanks for your help!

anav · Sat Aug 20, 2022 11:25 pm

Please draw a network diagram its hard to tell whos who in the zoo. Would need all MT device configs if more than one.

Sun Aug 21, 2022 2:03 pm

Seems that you have 3 MT.
The first router configured for 192.168.2.0/24 devices
The second router confiured for 192.168.3.0/24 subnet
Third one is the "master" which supplies internet to the "first" and the "second" router via eth2 and eth3 interfaces (with 172.x.0.0/16 subnets) where WANs of routers are connected.
If both "first" and "second" router have firewall and NAT configured then they hide own LANs subnets and whole their traffic is seen as 172.x.0.0/16. Nothing with 192.168.x.0/24 should go outside "first" and "second" router.
As the "main" router has no 192.168.x.0/24 addresses assigned to any interfece then there is no way to pass such traffic as it has no way to process such packets. Assume that packet from 192.168.2.0/24 router was "pushed" somehow on proper interface then try to answer what the src and dst addresses it has? How the traffic is seen by the 192.168.3.0/24 router? Where it should send the answer?

P.S. Diagram would be helpfull.

anav · Sun Aug 21, 2022 3:45 pm

Wait until enough INFORMation is provided to make an informed post....

Or in other words, the above error in judgement is called help interruptus. Distracting the OP with speculation instead of waiting for the OP to provide the necessary information.
THe PS is too late........ should have been first and with the same request for all configs!

Sun Aug 21, 2022 7:27 pm

If OP writes, that has 2 routers connected to Internet via third one and the config of the third ("main") is shown then the question to the OP "how the traffic is supposed to flow if the "main" router knows nothing about 192.168.x.0/24 subnets" is the "dwell-on-subject" type.
Yes, I could wait for the answer from OP but maybe putting some light on known configuration will help the OP? Who knows?

Buckeye · Mon Aug 22, 2022 12:01 am

A first time poster, for whom we know nothing about what level of networking knowledge they may or may not have, comes to the forum with an ambiguous question.

And absolutely no information about the downsteam routers other than that they have the MT router as their gateway. And no information about the end nodes (that could have host based firewalls, as is common with Windows).

What is the point in guessing and suggesting any "solution" without more information so we can answer the correct question?

So this is my suggestion to the OP

See Getting Answers and How to Report Bugs Effectively
@anav's NEW USER POSTING FOR ASSISTANCE
Getting the most out of this forum

Can you find your problem using this: FLINT HILLS TECHNICAL COLLEGE Network Troubleshooting Flowchart This is a good script for checking frequent causes of problems. More troubleshooting tips in this post. Useful guidelines: G. Polya, How to Solve It

P.S. @anav, did you just coin the "help interruptus" description? A google search for help interruptus found other unrelated links with the word "interruptus" in them.

anav · Mon Aug 22, 2022 1:18 am

When you get older Buckeye, I will explain it to you.

On a serious note, your requirements based approach brings a tear to my eye, now only if the MT nerds (experts) get it................ unless their brains are pickled by too much CLI jajajajaja.

mkx · Mon Aug 22, 2022 12:05 pm

Since everybody seems to be throwing in their dime in random currency, let me throw in my 5 cents in form of santïms.

This part of config, posted in original post, seems suspicious to me:

/ip route
add comment="Point of Sales Network" distance=1 dst-address=192.168.2.0/24 \
    gateway=ether3
add comment="Surveillance Network" distance=1 dst-address=192.168.3.0/24 \
    gateway=ether2

Since router itself doesn't have own address in neither 192.168.2.0/24 nor 192.168.3.0/24 subnets, its capability to find next hop is limited. Proper way of configuring static routes in this case (when associated interface is a normal subnet interface) is to set next hop's IP address as gateway (instead of egress interface). Something like this:

/ip route
add comment="Point of Sales Network" distance=1 dst-address=192.168.2.0/24 \
    gateway=172.17.0.10
add comment="Surveillance Network" distance=1 dst-address=192.168.3.0/24 \
    gateway=172.16.0.10

Also make sure router 1 and router 2 have configured their static routes with IP addresses of this router, not interface name.

Note that it is possible to use interface name as gateway but this really only works fine when interface is a point-to-point type, e.g. any kind of tunnel interface or ethernet interface with appropriately set address and network (in Mikrotik world address has to be /32 and network set to peer's IP address). Otherwise correct functioning depends on behaviour of peer and one can never be entirely sure how things will turn out.

Can't ping between devices in different networks

Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Re: Can't ping between devices in different networks

Who is online