Does the server without connectivity have a working default gateway? Dave
> On May 4, 2022, at 4:00 PM, Christopher Tyler <[email protected]> > wrote: > > Rebooted both the router and the switch, no joy, issue persists. > > -- > Christopher Tyler > Senior Network Engineer > MTCRE/MTCNA/MTCTCE/MTCWE > > Total Highspeed Internet Solutions > 1091 W. Kathryn Street > Nixa, MO 65714 > (417) 851-1107 x. 9002 > www.totalhighspeed.com > > This institution is an equal opportunity provider and employer. > Esta institución es un proveedor de servicios con igualdad de oportunidades. > > ----- Original Message ----- >> From: "Adam Moffett" <[email protected]> >> To: "AnimalFarm Microwave Users Group" <[email protected]> >> Sent: Wednesday, May 4, 2022 2:50:13 PM >> Subject: Re: [AFMUG] Weird IP issue > >> If this is a Mikrotik switch, reboot it before you waste a lot of time. >> >> I've seen weird stuff too many times. I had a CRS317 the other day where we >> got 98% packet loss to one specific host. Watching the switch hosts table it >> seemed like it kept changing it's mind as to which interface that MAC address >> was on. Reboot cleared it right up. >> >> -Adam >> >> >> -----Original Message----- >> From: AF <[email protected]> On Behalf Of Larry Smith >> Sent: Wednesday, May 04, 2022 12:50 PM >> To: AnimalFarm Microwave Users Group <[email protected]> >> Subject: Re: [AFMUG] Weird IP issue >> >> >> To verify that, drop the firewall and then test again. >> If its firewall related it will start working. >> >> -- >> Larry Smith >> [email protected] >> >> On Wed May 4 2022 11:18, Christopher Tyler wrote: >>> Very minimal, really just basic input rules, nothing that would block >>> the IP addresses from getting through. No NAT or Mangle rules on this >>> router. >>> >>> /ip firewall filter >>> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \ >>> connection-state=established,related >>> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add >>> action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp >>> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 >>> protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP" >>> dst-port=67 protocol=udp add action=accept chain=input comment="Allow >>> MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add >>> action=accept chain=input comment="Allow MTIK Bandwidth Test" >>> dst-port=\ 2000-3000 protocol=udp >>> add action=accept chain=input dst-port=5678 protocol=tcp add >>> action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\ >>> THIS_ADMIN >>> add action=accept chain=output comment="ACCEPT ALL OUTBOUND" >>> add action=drop chain=input comment="DROP ALL OTHER INPUT" >>> >>> >>> -- >>> Christopher Tyler >>> Senior Network Engineer >>> MTCRE/MTCNA/MTCTCE/MTCWE >>> >>> Total Highspeed Internet Solutions >>> 1091 W. Kathryn Street >>> Nixa, MO 65714 >>> (417) 851-1107 x. 9002 >>> www.totalhighspeed.com >>> >>> This institution is an equal opportunity provider and employer. >>> Esta institución es un proveedor de servicios con igualdad de >>> oportunidades. >>> >>> ----- Original Message ----- >>> >>>> From: "Josh Luthman" <[email protected]> >>>> To: "AnimalFarm Microwave Users Group" <[email protected]> >>>> Sent: Wednesday, May 4, 2022 11:12:55 AM >>>> Subject: Re: [AFMUG] Weird IP issue >>>> >>>> Firewall filter rules? >>>> >>>> Double check the gateway and subnet on the server. >>>> >>>> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [ >>>> mailto:[email protected] | [email protected] ] > wrote: >>>> >>>> >>>> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running >>>> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. >>>> I have two servers on that switch both in the the same public IP >>>> block. I can ping both servers from the router, and they can ping >>>> each other. One server is globally reachable and the other is not >>>> reachable other than from the router or switch itself. I plugged in >>>> my laptop and assigned it an IP in that same range and cannot reach >>>> it extrenally either. The router is using OSPF and I can see the >>>> route for that IP block from both sides of the router, but >>>> traceroutes/pings to anything other than the server that is working >>>> stop at the router. No vlans or special configuration between the >>>> router and the switch, just basic IP, all ports on the switch are >>>> bridged. Forwarded ports (dstnat) don't appear to work from the router >>>> either. >>>> >>>> I'm stumped, so I figured I would ask if anyone else has seen >>>> anything like this and have a solution, or am I looking at a >>>> possible RouterOS 7 issue? >>>> >>>> -- >>>> Christopher Tyler >>>> Senior Network Engineer >>>> MTCRE/MTCNA/MTCTCE/MTCWE >>>> >>>> Total Highspeed Internet Solutions >>>> 1091 W. Kathryn Street >>>> Nixa, MO 65714 >>>> (417) 851-1107 x. 9002 >>>> [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ] >>>> >>>> This institution is an equal opportunity provider and employer. >>>> Esta institución es un proveedor de servicios con igualdad de >>>> oportunidades. >>>> >>>> -- >>>> AF mailing list >>>> [ mailto:[email protected] | [email protected] ] [ >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] >>>> >>>> -- >>>> AF mailing list >>>> [email protected] >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
