Hello I fear I stumbled over a routerOS bug. Could somebody confirm or does someone know a work-around? (Is this the official Microtik Mailinglist btw?)
I have a network with two IP Ranges used on the same 'wire'. The Mikrotik should route between those ranges (and also send and receive the occasional ICMP redirect). I have no firewall rules active. I want just to use routing, no filtering. Please ignore the disabled VLANs. MikroTik RouterOS 6.0rc5 (c) 1999-2012 http://www.mikrotik.com/ [admin@MikroTik] > /interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 R LAN2 ether 1500 1598 4074 00:0C:42:FE:F3:A3 1 LAN3 ether 1500 1598 4074 00:0C:42:FE:F3:A4 2 LAN4 ether 1500 1598 4074 00:0C:42:FE:F3:A5 3 LAN5 ether 1500 1598 4074 00:0C:42:FE:F3:A6 4 WAN1 ether 1500 1598 4074 00:0C:42:FE:F3:A2 5 X pratteln vlan 1500 00:0C:42:FE:F3:A3 6 X scoutnet vlan 1500 00:0C:42:FE:F3:A3 7 X voice vlan 1500 00:0C:42:FE:F3:A3 [admin@MikroTik] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 157.161.57.65/28 157.161.57.64 LAN2 1 192.168.1.1/24 192.168.1.0 LAN5 2 192.168.57.1/24 192.168.57.0 LAN2 3 X 157.161.57.30/27 157.161.57.0 pratteln 4 X 157.161.6.1/24 157.161.6.0 pratteln [admin@MikroTik] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 ADC 157.161.57.64/28 157.161.57.65 LAN2 0 1 ADC 192.168.1.0/24 192.168.1.1 LAN5 0 2 ADC 192.168.57.0/24 192.168.57.1 LAN2 0 I have now attached a Linux Machine direktly to LAN2 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP link/ether 00:25:64:38:ce:f9 brd ff:ff:ff:ff:ff:ff inet 157.161.4.87/24 brd 157.151.4.255 scope global br0 inet 157.161.57.67/28 scope global br0 inet 192.168.57.4/24 scope global br0 # ip route default via 157.161.4.1 dev br0 157.161.4.0/24 dev br0 proto kernel scope link src 157.161.4.87 157.161.57.0/27 dev br0.3 proto kernel scope link src 157.161.57.4 157.161.57.64/28 dev br0 proto kernel scope link src 157.161.57.67 192.168.57.0/24 dev br0 proto kernel scope link src 192.168.57.4 While routing, the most specific route is used. So 192.168.57.1/24 <=> 192.168.57.4/24 on LAN 2 should be able to communicate and 157.161.57.65/28 <=> 157.161.57.67/28 on LAN2 should be abel to communicate (btw, I more or less copied this setup from a SnapGear Firewall which has just become too slow for the traffic) But: >From Linux: # ping 192.168.57.1 -c 1 PING 192.168.57.1 (192.168.57.1) 56(84) bytes of data. 64 bytes from 192.168.57.1: icmp_req=1 ttl=64 time=0.392 ms Fine, as expected. # ping 157.161.57.65 -c 1 PING 157.161.57.65 (157.161.57.65) 56(84) bytes of data. --- 157.161.57.65 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms The second IP is just not reachable. I did some sniffing. ARP works as expected. The Microtik answers with it's MAC address. The Linux machine sends the ICMP Echo Request to the Microtik. This Arrives on LAN2 but the Microtik does not know a route back! Let's ping from the Microtik: [admin@MikroTik] > /ping 192.168.57.4 HOST SIZE TTL TIME STATUS 192.168.57.4 56 64 0ms As expected. [admin@MikroTik] > /ping 157.161.57.67 HOST SIZE TTL TIME STATUS no route to host Why that? The Route table is correct... Did I find a Bug? PS: If I enable my vlans I got the same problem with the two IP ranges on the VLAN interface. One just does not work. Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
