I am trying to help my local Mom and Pop ISP solve a routing problem.
We can’t ping any CPE equipment located in the IP Range of 192.168.2.0/24 from the router or from the local network.
We have full internet access from the local network.
We need to update the client CPE equipment for a future change.
Router public IP is 10.10.10.10 the local net is 192.168.2.0/24
The Gateway for the local net is 192.168.2.1
The router OS is 2.9.46
Internet – (10.10.10.10 -> 192.168.2.1) <-->192.168.2.1
These are the firewall rules.
add chain=srcnat action=masquerade src-address=192.168.2.0/24 \
dst-address=0.0.0.0/0 comment="masquerade hotspot network" disabled=no
/ ip firewall filter
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=211.215.17.146 comment="blocked ip addresses" disabled=no
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=200.75.50.163 comment="" disabled=no
add chain=input action=reject reject-with=icmp-admin-prohibited \
src-address=211.101.32.218 src-address-list="" comment="" disable
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=125.133.62.11 comment="" disabled=no
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=58.20.23.126 comment="" disabled=no
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=211.166.10.104 comment="" disabled=no
add chain=input action=reject reject-with=icmp-network-unreachable \
src-address=85.114.141.81 comment="" disabled=no
What am I missing?
When I ping from my node 192.168.2.100, I get the following information
Pinging 192.168.2.21 with 32 bytes of data:
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Reply from 192.168.2.1: Destination host unreachable.
Ping statistics for 192.168.2.21:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
When I Ping from the Router via Winbox or Telnet. I get a timeout or host unreachable.
Re: I can’t ping CPE equipment from local network or router.
----
Hai fren,
i think this basic will help you: http://www.mikrotik.com/testdocs/ros/2. ... /basic.php
and about wirelessly at this link: http://www.mikrotik.com/testdocs/ros/2. ... reless.php
regards
Hasbullah.com
----
Hai fren,
i think this basic will help you: http://www.mikrotik.com/testdocs/ros/2. ... /basic.php
and about wirelessly at this link: http://www.mikrotik.com/testdocs/ros/2. ... reless.php
regards
Hasbullah.com
----
Re: I can’t ping CPE equipment from local network or router.
Hasbullah.com,
Not sure how documentation helps, I have read it I understand and they are compleate.
I have conectivity to the internet and all OS Routers and public IP. I can ping anything outside my local network.
I just can't ping some address.
When I do an Ip-Scan I get the following address.
192.168.2.6
192.168.2.11
192.168.2.18
192.168.2.20
192.168.2.22
192.168.2.86
192.168.2.103
192.168.2.104
192.168.2.105
192.168.2.114
192.168.2.121
192.168.2.122
192.168.2.164
192.168.2.169
192.168.2.219
192.168.2.223
192.168.2.225
192.168.2.235
I can ping some of the address but not others
For example I can ping 192.168.2.106 and 192.168.2.219. These are clients with active sesions.
All of the Address bellow 100 represent CPE equiment. I can not ping them.
Ping address of active clients about 100 in this case only 106 and 219. The other values I can not ping.
What am I missing in my setup?
Not sure how documentation helps, I have read it I understand and they are compleate.
I have conectivity to the internet and all OS Routers and public IP. I can ping anything outside my local network.
I just can't ping some address.
When I do an Ip-Scan I get the following address.
192.168.2.6
192.168.2.11
192.168.2.18
192.168.2.20
192.168.2.22
192.168.2.86
192.168.2.103
192.168.2.104
192.168.2.105
192.168.2.114
192.168.2.121
192.168.2.122
192.168.2.164
192.168.2.169
192.168.2.219
192.168.2.223
192.168.2.225
192.168.2.235
I can ping some of the address but not others
For example I can ping 192.168.2.106 and 192.168.2.219. These are clients with active sesions.
All of the Address bellow 100 represent CPE equiment. I can not ping them.
Ping address of active clients about 100 in this case only 106 and 219. The other values I can not ping.
What am I missing in my setup?
Re: I can’t ping CPE equipment from local network or router.
----
hai fren,
oh i see, you are running as hotspot network.. yes and ofcourse your pinging will unreachable reply when it address is not authenticated.
1. if you run as hotspot service you must plan your network as Transparant Network
2. if you need without authentication it cpe, you can set it address with ip-binding just CPE for.
regards
Hasbullah.com
----
hai fren,
oh i see, you are running as hotspot network.. yes and ofcourse your pinging will unreachable reply when it address is not authenticated.
1. if you run as hotspot service you must plan your network as Transparant Network
2. if you need without authentication it cpe, you can set it address with ip-binding just CPE for.
regards
Hasbullah.com
----
Re: I can’t ping CPE equipment from local network or router.
Big Thank You.
Ip-binding did the trick.
Tested as follows
1. Ping 192.168.2.22 -- time out
2. add ip-binding MAC=00:02:6F:3F:16:A7 Server=hotspot1 type=bypassed.
3. Ping 192.168.2.22 -- You will see some percentaged of the packets active.
4 http://192.168.2.22 you will get to the log in page for the CPE device at this address. I have only tested for this one address.
One additonal Question is I am not sure what you mean by
"1. if you run as hotspot service you must plan your network as Transparant Network"
I assume my ISP has taken care of this part of the Hotspot development.
Again thank you for the help!!
Ip-binding did the trick.
Tested as follows
1. Ping 192.168.2.22 -- time out
2. add ip-binding MAC=00:02:6F:3F:16:A7 Server=hotspot1 type=bypassed.
3. Ping 192.168.2.22 -- You will see some percentaged of the packets active.
4 http://192.168.2.22 you will get to the log in page for the CPE device at this address. I have only tested for this one address.
One additonal Question is I am not sure what you mean by
"1. if you run as hotspot service you must plan your network as Transparant Network"
I assume my ISP has taken care of this part of the Hotspot development.
Again thank you for the help!!
Re: I can’t ping CPE equipment from local network or router.
-----
Hello fren,
As far as i understood, Transparant Network is same mean Will make Roaming User Network, or you have Broadcast network over AP2AP, AP2CPE blah...blah..blah... far far away.. . . .
But by Broadcast Network isn't good idea when your plan as Large Network. by Routing is recommended.
this e.g one subnet ip-binding for:
Just becarefull, user or CPE under hotspot server will unreachable when user or cpe aren't authenthicated.
regards
Hasbullah.com
-----
Hello fren,
As far as i understood, Transparant Network is same mean Will make Roaming User Network, or you have Broadcast network over AP2AP, AP2CPE blah...blah..blah... far far away.. . . .
But by Broadcast Network isn't good idea when your plan as Large Network. by Routing is recommended.
this e.g one subnet ip-binding for:
Code: Select all
/ip hot ip-bi add address=88.88.88.88.0/28 type=bypa regards
Hasbullah.com
-----
Re: I can’t ping CPE equipment from local network or router.
in your wireless interface check that you enable forwarding
Re: I can’t ping CPE equipment from local network or router.
-----
Hai,
no, i always uncheck it or default-forwarding=no for stopping commucation each others.
regards
Hasbullah.com
-----
Hai,
no, i always uncheck it or default-forwarding=no for stopping commucation each others.
regards
Hasbullah.com
-----
in your wireless interface check that you enable forwarding