Unpingable IP's on local network
I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.
Here is the router's config:
/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus
/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP
/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell
Tracert output from a 3.x computer to a 1.x one:
networking router traceroute mikrotik-routeros static-routes
add a comment |
I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.
Here is the router's config:
/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus
/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP
/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell
Tracert output from a 3.x computer to a 1.x one:
networking router traceroute mikrotik-routeros static-routes
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08
add a comment |
I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.
Here is the router's config:
/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus
/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP
/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell
Tracert output from a 3.x computer to a 1.x one:
networking router traceroute mikrotik-routeros static-routes
I am using a MikroTik Router. I have two networks: 192.168.1.0/24 and 192.168.3.0/24. One is on ether4 and the other on ether5. I am trying to set it up such that these networks can ping each other.
Here is the router's config:
/interface ethernet
set [ find default-name=ether4 ] name=4_FrontDept
set [ find default-name=ether5 ] name=5_IntDept
set [ find default-name=ether9 ] name=9_BellNet
set [ find default-name=ether10 ] name=10_Primus
/ip pool
add name=InternetDept ranges=192.168.3.11-192.168.3.254
add name=FrontDept ranges=192.168.1.11-192.168.1.254
/ip dhcp-server
add address-pool=InternetDept disabled=no interface=5_IntDept name=
InternetDept
add address-pool=FrontDept disabled=no interface=4_FrontDept name=FrontDept
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=9_BellNet keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Bellnet_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2
dial-on-demand=no disabled=no interface=10_Primus keepalive-timeout=60
max-mru=1480 max-mtu=1480 mrru=1600 name=Primus_ISP password={PASSWORD}
profile=default service-name="" use-peer-dns=no user={USERNAME}
/ip address
add address=192.168.3.1/24 interface=5_IntDept network=192.168.3.0
add address=192.168.1.1/24 interface=4_FrontDept network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1
netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Bellnet_ISP new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=Primus_ISP new-connection-mark=Primus
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=4_FrontDept new-connection-mark=Bell
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=5_IntDept new-connection-mark=Primus
add action=mark-routing chain=prerouting connection-mark=Primus
dst-address-type=!local new-routing-mark=RouteToPrimus
add action=mark-routing chain=prerouting connection-mark=Bell
dst-address-type=!local new-routing-mark=RouteToBell
add action=mark-routing chain=prerouting comment=
"For DNS Server On MikroTik Will Fetch Through Primus Connection"
connection-mark=no-mark disabled=yes dst-port=53 new-routing-mark=
RouteToPrimus protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=Bell out-interface=
Bellnet_ISP
add action=masquerade chain=srcnat connection-mark=Primus out-interface=
Primus_ISP
/ip route
add distance=2 gateway=Primus_ISP routing-mark=RouteToPrimus
add distance=2 gateway=Bellnet_ISP routing-mark=RouteToBell
Tracert output from a 3.x computer to a 1.x one:
networking router traceroute mikrotik-routeros static-routes
networking router traceroute mikrotik-routeros static-routes
edited Dec 14 at 23:34
Duncan X Simpson
1,093821
1,093821
asked Sep 29 '15 at 15:20
Nicolas Racine
16810
16810
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08
add a comment |
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08
add a comment |
2 Answers
2
active
oldest
votes
It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
That will force local packets to leave the mangle list, so they won't be marked.
add a comment |
i have same problem and solved it
i added some routes Dynamic, Active, Connected. on your case maybe like this
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Correct me if i'm wrong
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f979730%2funpingable-ips-on-local-network%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
That will force local packets to leave the mangle list, so they won't be marked.
add a comment |
It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
That will force local packets to leave the mangle list, so they won't be marked.
add a comment |
It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
That will force local packets to leave the mangle list, so they won't be marked.
It looks like the "!local" filter does not work in your case, you are marking local packets to use ISP, so they get lost in the internet.
Try to add those mangle rules at the beginning of the mangle list.
/ip firewall mangle
add chain=prerouting dst-address=192.168.1.0/24 action=accept
add chain=prerouting dst-address=192.168.3.0/24 action=accept
That will force local packets to leave the mangle list, so they won't be marked.
answered Sep 30 '15 at 15:31
Benoit PHILIPPON
23613
23613
add a comment |
add a comment |
i have same problem and solved it
i added some routes Dynamic, Active, Connected. on your case maybe like this
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Correct me if i'm wrong
add a comment |
i have same problem and solved it
i added some routes Dynamic, Active, Connected. on your case maybe like this
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Correct me if i'm wrong
add a comment |
i have same problem and solved it
i added some routes Dynamic, Active, Connected. on your case maybe like this
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Correct me if i'm wrong
i have same problem and solved it
i added some routes Dynamic, Active, Connected. on your case maybe like this
/ip route
add distance=1 dst-address=192.168.3.0/24 gateway=5_IntDept routing-mark=RouteToPrimus
add distance=1 dst-address=192.168.1.0/24 gateway=4_FrontDept routing-mark=RouteToBell
Correct me if i'm wrong
answered Jan 12 '16 at 11:22
Rizky Maulana
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f979730%2funpingable-ips-on-local-network%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I'm not familiar with this specific firewall syntax, so perhaps I've missed where it explicitly allows local routing. I see rules that I think apply to !local (not local?) addresses; perhaps some rules that allow local traffic through are needed? In the screenshot with tracert, if, for some reason, the interface 192.168.1.1 is down, that network would be !local, and traffic would then go out the primus conneciton.
– Nevin Williams
Sep 29 '15 at 19:08