Community discussions

MikroTik App
 
pentorion
just joined
Topic Author
Posts: 14
Joined: Fri Aug 26, 2022 10:03 pm

Host unreachable from one direction

Fri Aug 26, 2022 10:20 pm

Hello mikrotik forum

A router is in cpe mode and is connected wirelessly to a router which is in ap mode.
Both of them have a computer connected to their local network.
I can ping successfully from the computer that is connected to the cpe router the computer that is connected to the ap router.
But I can't ping from the other way around. I get a "destination net unreachable" error. It seems that I can't ping the local network behind the cpe router.
In the cpe router I have one NAT rule which is:
action=masquerade
chain=srcnat
src. ddress=192.168.1.0/24
out.interface=wlan1

In the ap router there is the default's configuration masquerade rule.
I'm pretty sure that I have to add a dstnat rule, so in the cpe router i tried:
action=dstnat
to-addresses=192.168.1.0/24
chain=dstnat
dst. ddress=(the IP of the wlan)
out.interface=wlan1

but with no luck.
Do I have to add a NAT rule in both routers? and what rule?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host unreachable from one direction

Sat Aug 27, 2022 1:09 am

You probably need route on AP:
/ip route
add dst-address=192.168.1.0/24 gateway=<whatever address CPE has on its port connected to AP>
And once you do that, whole masquerade may not be needed anymore. Dstnat rule could be another solution, but it would go to only single address behind CPE and you'd be connecting to CPE's address. Feel free to share more details, to help decide what you really need.
 
pentorion
just joined
Topic Author
Posts: 14
Joined: Fri Aug 26, 2022 10:03 pm

Re: Host unreachable from one direction

Sat Aug 27, 2022 1:35 am

You probably need route on AP:
/ip route
add dst-address=192.168.1.0/24 gateway=<whatever address CPE has on its port connected to AP>
And once you do that, whole masquerade may not be needed anymore. Dstnat rule could be another solution, but it would go to only single address behind CPE and you'd be connecting to CPE's address. Feel free to share more details, to help decide what you really need.
OK I put the rule you suggested in ip -> routes on AP. I get "almost" the same error. Before your suggestion I sent 4 ping packets (with destination the computer behind the CPE) and I got the same message 4 times: "Reply from 62.169.255.54: Destination net unreachable."
Now I get "Reply from xxx.xx.xx.x (the IP address of the NIC of my computer I send the ping packets): Destination host unreachable", and the respones of the other 3 packets are exactly the same as before I apply your suggestion. I don't know if it's noteworthy.

Some details:
There was already another route in the list (of the AP) which is dst-address=xxx.xx.xx.0/24 which is the address of the local network on my AP, and gateway=bridge. Should I keep it?
Actually there will be only a single address behind CPE which I want to communicate with the computer behind the AP.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Host unreachable from one direction

Sat Aug 27, 2022 7:37 pm

I think it will need significantly more details, what's this whole thing, how is everything configured, etc.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19104
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Host unreachable from one direction

Sat Aug 27, 2022 7:42 pm

I think it will need significantly more details, what's this whole thing, how is everything configured, etc.
@S0b, When will you ever learn to ask for such information first?
( Můžete přivést osla k vodě, ale nemůžete ho přimět pít )

Who is online

Users browsing this forum: 0xAA55, Bing [Bot], EmuAGR, ppawe and 55 guests