Unpingable IP's on local network












0














I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.



Here is the router's config:



/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus

/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254

/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept

/port
set 0 name=serial0

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}

/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp

/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP

/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell


enter image description here



Tracert output from a 3.x computer to a 1.x one:



enter image description here










share|improve this question
























  • I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
    – Nevin Williams
    Sep 29 '15 at 19:08
















0














I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.



Here is the router's config:



/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus

/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254

/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept

/port
set 0 name=serial0

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}

/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp

/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP

/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell


enter image description here



Tracert output from a 3.x computer to a 1.x one:



enter image description here










share|improve this question
























  • I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
    – Nevin Williams
    Sep 29 '15 at 19:08














0












0








0







I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.



Here is the router's config:



/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus

/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254

/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept

/port
set 0 name=serial0

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}

/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp

/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP

/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell


enter image description here



Tracert output from a 3.x computer to a 1.x one:



enter image description here










share|improve this question















I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.



Here is the router's config:



/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus

/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254

/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept

/port
set 0 name=serial0

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}

/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0

/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp

/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP

/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell


enter image description here



Tracert output from a 3.x computer to a 1.x one:



enter image description here







networking router traceroute mikrotik-routeros static-routes






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 14 at 23:34









Duncan X Simpson

1,093821




1,093821










asked Sep 29 '15 at 15:20









Nicolas Racine

16810




16810












  • I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
    – Nevin Williams
    Sep 29 '15 at 19:08


















  • I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
    – Nevin Williams
    Sep 29 '15 at 19:08
















I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08




I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08










2 Answers
2






active

oldest

votes


















0














It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.



/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept


That will force local packets to leave the mangle list, so they won't be marked.






share|improve this answer





























    0














    i have same problem and solved it
    i added some routes Dynamic, Active, Connected. on your case maybe like this



    /ip route
    add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
    add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell


    Correct me if i'm wrong






    share|improve this answer





















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "3"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f979730%2funpingable-ips-on-local-network%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
      Try to add those mangle rules at the beginning of the mangle list.



      /ip firewall mangle
      add chain=prerouting dst-address=192.168.1.0/24 action=accept
      add chain=prerouting dst-address=192.168.3.0/24 action=accept


      That will force local packets to leave the mangle list, so they won't be marked.






      share|improve this answer


























        0














        It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
        Try to add those mangle rules at the beginning of the mangle list.



        /ip firewall mangle
        add chain=prerouting dst-address=192.168.1.0/24 action=accept
        add chain=prerouting dst-address=192.168.3.0/24 action=accept


        That will force local packets to leave the mangle list, so they won't be marked.






        share|improve this answer
























          0












          0








          0






          It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
          Try to add those mangle rules at the beginning of the mangle list.



          /ip firewall mangle
          add chain=prerouting dst-address=192.168.1.0/24 action=accept
          add chain=prerouting dst-address=192.168.3.0/24 action=accept


          That will force local packets to leave the mangle list, so they won't be marked.






          share|improve this answer












          It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
          Try to add those mangle rules at the beginning of the mangle list.



          /ip firewall mangle
          add chain=prerouting dst-address=192.168.1.0/24 action=accept
          add chain=prerouting dst-address=192.168.3.0/24 action=accept


          That will force local packets to leave the mangle list, so they won't be marked.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Sep 30 '15 at 15:31









          Benoit PHILIPPON

          23613




          23613

























              0














              i have same problem and solved it
              i added some routes Dynamic, Active, Connected. on your case maybe like this



              /ip route
              add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
              add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell


              Correct me if i'm wrong






              share|improve this answer


























                0














                i have same problem and solved it
                i added some routes Dynamic, Active, Connected. on your case maybe like this



                /ip route
                add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
                add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell


                Correct me if i'm wrong






                share|improve this answer
























                  0












                  0








                  0






                  i have same problem and solved it
                  i added some routes Dynamic, Active, Connected. on your case maybe like this



                  /ip route
                  add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
                  add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell


                  Correct me if i'm wrong






                  share|improve this answer












                  i have same problem and solved it
                  i added some routes Dynamic, Active, Connected. on your case maybe like this



                  /ip route
                  add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
                  add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell


                  Correct me if i'm wrong







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Jan 12 '16 at 11:22









                  Rizky Maulana

                  1




                  1






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Super User!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f979730%2funpingable-ips-on-local-network%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Probability when a professor distributes a quiz and homework assignment to a class of n students.

                      Aardman Animations

                      Are they similar matrix