Hi,

My problem seems simple, if anyone could help there please

I have an interface ETH2 with address 192.168.141.254 on a /24 subnet and a ETH3 with address 192.168.142.254 on a /24

Both have dhcp etc.

I can't make a computer from the 141 subnet ping one from the 142 and same the other way.

Could you please help about that little problem, if you have a clean solution to make that work ?

Regards

Andy

It should happen by default.
A device from the .141.0 network will look for the other on the .142.0 network. Since it can not find it within it's own network, will ask the router about it. The router on the other hand will know where the other device is, will discover it and establish connection. This because both networks are connected to the router and create the connected routes automatically. Unless there is some firewall filter rules or routing policy preventing this to happen, they should connect.

Hi,

My problem seems simple, if anyone could help there please

I have an interface ETH2 with address 192.168.141.254 on a /24 subnet and a ETH3 with address 192.168.142.254 on a /24

Both have dhcp etc.

I can't make a computer from the 141 subnet ping one from the 142 and same the other way.

Could you please help about that little problem, if you have a clean solution to make that work ?

Regards

Andy

Should be work by default may be their is problem with settings please share router settings here

Is DHCP giving default gateway address?

Here is the configuration

# jan/02/2002 06:47:40 by RouterOS 6.3
# software id = 9LFB-WFVQ
#
/interface bridge
add admin-mac=D4:CA:6D:E6:24:A7 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
add name=bridge-local-2
/interface ethernet
set 0 name=ether1-gateway
set 3 disabled=yes
set 4 disabled=yes
set 5 disabled=yes name=ether6-master-local
set 6 disabled=yes name=ether7-slave-local
set 7 disabled=yes name=ether8-slave-local
set 8 disabled=yes name=ether9-slave-local
set 9 disabled=yes name=ether10-slave-local
set 10 name=sfp1-gateway
/interface pppoe-client
add add-default-route=yes comment="ADSL DIRECTION" disabled=no interface=\
ether1-gateway name=pppoe-out-DIRECTION password=XXXXX service-name=ADSL \
user=XXXXXX
/ip neighbor discovery
set ether1-gateway discover=no
set sfp1-gateway discover=no
set pppoe-out-DIRECTION comment="ADSL DIRECTION"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5,sha1 enc-algorithms=\
3des,aes-128,aes-192,aes-256,blowfish
/ip pool
add name=pool-141 ranges=192.168.141.100-192.168.141.200
add name=pool-142 ranges=192.168.142.100-192.168.142.200
/ip dhcp-server
add address-pool=pool-141 disabled=no interface=bridge-local name=dhcp-141
add address-pool=pool-142 disabled=no interface=bridge-local-2 name=dhcp-142
/port
set 0 name=serial0
/ppp profile
add dns-server=192.168.141.254 local-address=10.0.0.141 name=profile-vpn-pptp
add dns-server=192.168.141.254 local-address=10.1.0.141 name=\
profile-vpn-mnt-pptp
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local-2 interface=ether3
/interface ethernet switch port
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 12 default-vlan-id=0
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.141.254/24 comment="default configuration" interface=\
bridge-local network=192.168.141.0
add address=192.168.142.254/24 comment="default configuration" interface=\
bridge-local-2 network=192.168.142.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.141.0/24 comment="default configuration" dns-server=\
192.168.141.5,192.168.141.254 gateway=192.168.141.254 netmask=24 \
ntp-server=192.168.141.254
add address=192.168.142.0/24 comment="default configuration" dns-server=\
192.168.142.254 gateway=192.168.142.254 netmask=24 ntp-server=\
192.168.142.254
/ip dns
set allow-remote-requests=yes servers=117.20.32.54,117.20.32.84
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out-DIRECTION to-addresses=0.0.0.0
add chain=srcnat comment="NAT TUNNEL DAFE" dst-address=161.48.0.0/16 \
src-address=192.168.142.0/24
add chain=srcnat dst-address=10.200.0.0/13 src-address=192.168.142.0/24
add chain=srcnat dst-address=86.66.22.0/24 src-address=192.168.142.0/24
/ip ipsec peer
add address=86.66.23.2/32 dpd-interval=disable-dpd enc-algorithm=aes-128 \
hash-algorithm=sha1 secret=XXXXXX
/ip ipsec policy
add dst-address=10.200.0.0/13 sa-dst-address=86.66.23.2 sa-src-address=\
117.20.37.121 src-address=192.168.142.0/24 tunnel=yes
add dst-address=86.66.22.0/24 sa-dst-address=86.66.23.2 sa-src-address=\
117.20.37.121 src-address=192.168.142.0/24 tunnel=yes
add dst-address=161.48.0.0/16 sa-dst-address=86.66.23.2 sa-src-address=\
117.20.37.121 src-address=192.168.142.0/24 tunnel=yes
/lcd interface
set sfp1-gateway interface=sfp1-gateway
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
/system clock
set time-zone-name=Pacific/Wallis
/system identity
set name=MKT-DIRECTION
/system ntp client
set enabled=yes primary-ntp=202.22.232.241 secondary-ntp=119.148.67.183
/system ntp server
set enabled=yes
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local

A couple of things. If I am reading correctly you have disabled all your ethernet ports except the ether1, right?
Why use bridge when under the bridge you have encapsulated only one interface? Bridge is meant to .. bridge two or more interfaces.
And in your post I don't see /ip route configuration?

The only interface up are the 1 2 and 3

I m putting them in the bridge, cause for the moment, i m only using those 3, but in a near future, i will add more port to those bridge

And you can't see the route configuration for a simple reason, they are all dynamics.

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADC 192.168.141.0/24 192.168.141.254 bridge-local 0
1 ADC 192.168.142.0/24 192.168.142.254 bridge-local-2 0

Thanks a lot for your quick answer, feel free to ask any question, i will answer them right now to try to fix my problem

Regards

Andy

How are the clients connected to your router? Are they served by dhcp?
From your router, can you ping the clients?

The client on port 2 get the 141 dhcp as you can see in the config, and those on the 3 get the 142.

Everyone on the same subnet can talk to each other, there is no problem about that.

what i meant is if you can ping computers from both networks from your router, to be sure that the router can actually reach them. Also, these computers will discover each other by IP and not by using Microsft Discovery for example since they are not on the same broadcast domain.

in the masquerade rule I would go with only one rule just for testing: notice, without the to-addresses=0.0.0.0

I don't think it's a solution.

Mascarading the pppoe-direction isn't supposed to do anything but give this to all my bridge/interface right ?

My pppoe is not even connected at the moment, and i don't see why i would need it to go from ETH2 to ETH3 ?

Can you please explain that ? cuase i m not sure i understand why you would do that ?

THanks

Andy

ps: tried it, didn't work

do you have a working conf like that i could try to import on my router to see if it works?

I need to have two subnet, one on each interface (with dhcp) that can talk together : / i m trying to find what is wrong, but can't see what : /

brother i think your bridge configuration not correct btw why you are using rstp protocol and ARP setting also missing please add simple bridge with no protocol and admin mac address and test your setting working or not then do further settings on it

I would go like this. Make a backup of the current configuration, and reset router with no defaults.
Then put a simple config, with IP for the two ethernets, one for the gateway, one masquerade rule and see what happens.
Pretty sure that both networks should connect to each other using the router. Test it with a simple configuration.

I'll try that and tell you what happens.

Thanks a lot guys

PS : the bridge configuration is the one by default

Ok, so, i just tried, total reset of the router, no configuration, just configured the dhcp, adresses on the interfaces i needed, and the basic default firewall rules the mikrotik add + one that clearly specify that from 141 you can talk to 142 etc.

Tell me where it's wrong... : / can't solve that supposed simple problem : / if someone has a working conf of something like that i would love to see it

Thanks a lot guys

# jan/02/1970 00:12:36 by RouterOS 6.3
# software id = 9LFB-WFVQ
#
/interface ethernet
set 0 name=ether1-gateway
set 10 name=sfp1-gateway
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=pool-141 ranges=192.168.141.100-192.168.141.200
add name=pool-142 ranges=192.168.142.100-192.168.142.200
/ip dhcp-server
add address-pool=pool-141 disabled=no interface=ether2 name=dhcp-141
add address-pool=pool-142 disabled=no interface=ether3 name=dhcp-142
/port
set 0 name=serial0
/ip address
add address=192.168.141.254/24 interface=ether2 network=192.168.141.0
add address=192.168.142.254/24 interface=ether3 network=192.168.142.0
/ip dhcp-server network
add address=192.168.141.0/24 dns-server=192.168.141.254 gateway=\
192.168.141.254 ntp-server=192.168.141.254
add address=192.168.142.0/24 dns-server=192.168.142.254 gateway=\
192.168.142.254 ntp-server=192.168.142.254
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add chain=forward comment="permit access between subnets" connection-state=\
new dst-address=192.168.142.0/24 src-address=192.168.141.0/24
add chain=forward comment="permit access between subnets" connection-state=\
new dst-address=192.168.141.0/24 src-address=192.168.142.0/24
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/lcd interface
set sfp1-gateway interface=sfp1-gateway
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10

I would start with no firewall filters at all.
Then, is DHCP working?
Is there a firewall on the connected systems that can hold traffic ?

Brother if you are still facing problem my advice to you is do configuration manually from scratch mean don't wile resetting router don't use default configuration then configure interfaces without bridging and check if works then create bridge and check just go thru troubleshooting way step by step

if someone has a working conf of something like that i would love to see it

It is not that it requires any specific configuration, it is just straight forward, it should work by default. That is all a router is about, connect networks attached to it.
How are you testing if the computers or devices are communicating with each other? Do you have anything in firewall mangle rule?

Nothing at all, i even started from scratch and it's not working, that's why i m asking if anyone could provide a working conf to try to understand where the problem is

I even tried to reset the router, put an address on an interface, another one on the second one. Put my two computer in static ip, and remove all firewall, and it doesn't work.

If anyone could try on his side i would love it.

Thanks a lot

If you want my skype contact is enova-andy

Regards

Andy

brother when you assign ip address to interfaces router creates default routes automatically for talking to each other in /ip route and second thing i would love to give you config but right now i did not have spare router to make configuration as per your requirement btw are you using winbox or terminal to configure router?

winbox but i also use the terminal inside winbox

winbox but i also use the terminal inside winbox

brother for you i would suggest to use winbox and i can help you on skype and also on teamviewer if you would like

Man i would seriously love it.

The support is like fucking useless, add me on skype if you want, enova-andy

Just so you understand my problem right, i can reach computer on the other subnet ( \\192.168.142.X\c$ is working from a 141 computer, but it's not really fast, like 30s waiting time, i think it's a problem), but i can't ping them. What i m afraid of, is that if i can't ping them, maybe it's blocking some others things / protocols

Thanks a lot, regards

Andy

PS : the last mail i sent to the support, tell me if anything is wrong

I check both my computers on another switch in my office. They both can ping each others without any problem, clearly the problem is not coming from my computers, or they wouldn’t be able to ping on another switch either right ?

I did a full reset, blank configuration like you asked me.

I put addresses on my interfaces :

/ip address
add address=192.168.141.254/24 interface=ether2 network=192.168.141.0
add address=192.168.142.254/24 interface=ether3 network=192.168.142.0

I then created two ip pools for my DHCP :

/ip pool
add name=pool-141 ranges=192.168.141.100-192.168.141.200
add name=pool-142 ranges=192.168.142.100-192.168.142.200

Then I created both my DHCP on each interfaces :

/ip dhcp-server
add address-pool=pool-141 disabled=no interface=ether2 name=dhcp-141
add address-pool=pool-142 disabled=no interface=ether3 name=dhcp-142
/ip dhcp-server network
add address=192.168.141.0/24 dns-server=192.168.141.254 gateway=192.168.141.254 ntp-server=192.168.141.254
add address=192.168.142.0/24 dns-server=192.168.142.254 gateway=192.168.142.254 ntp-server=192.168.142.254

And that’s all…

Both computer can’t ping each others when I put a computer on ETH2 and the other on ETH3.

As far as I understand, you told me it’s supposed to work.

Can you explain me why it’s not working please ?

I even tried to add :

/ip firewall filter
add chain=forward dst-address=192.168.142.0/24 src-address=192.168.141.0/24
add chain=forward dst-address=192.168.141.0/24 src-address=192.168.142.0/24

And it doesn’t change anything, nothing ping either.

Both computer can ping the two gateways 192.168.141.254 and 192.168.142.254

The mikrotik can ping both computers. But the computer can’t ping each others…

So what’s next ? what’s wrong with that configuration ? or what did we forget ?

I even tried to add this rule to be sure (in first position), and nothing :

/ip firewall filter
add chain=forward protocol=icmp

Man i would seriously love it.

The support is like fucking useless, add me on skype if you want, enova-andy

Just so you understand my problem right, i can reach computer on the other subnet ( \\192.168.142.X\c$ is working from a 141 computer, but it's not really fast, like 30s waiting time, i think it's a problem), but i can't ping them. What i m afraid of, is that if i can't ping them, maybe it's blocking some others things / protocols

Thanks a lot, regards

Andy

PS : the last mail i sent to the support, tell me if anything is wrong

I check both my computers on another switch in my office. They both can ping each others without any problem, clearly the problem is not coming from my computers, or they wouldn’t be able to ping on another switch either right ?

I did a full reset, blank configuration like you asked me.

I put addresses on my interfaces :

/ip address
add address=192.168.141.254/24 interface=ether2 network=192.168.141.0
add address=192.168.142.254/24 interface=ether3 network=192.168.142.0

I then created two ip pools for my DHCP :

/ip pool
add name=pool-141 ranges=192.168.141.100-192.168.141.200
add name=pool-142 ranges=192.168.142.100-192.168.142.200

Then I created both my DHCP on each interfaces :

/ip dhcp-server
add address-pool=pool-141 disabled=no interface=ether2 name=dhcp-141
add address-pool=pool-142 disabled=no interface=ether3 name=dhcp-142
/ip dhcp-server network
add address=192.168.141.0/24 dns-server=192.168.141.254 gateway=192.168.141.254 ntp-server=192.168.141.254
add address=192.168.142.0/24 dns-server=192.168.142.254 gateway=192.168.142.254 ntp-server=192.168.142.254

And that’s all…

Both computer can’t ping each others when I put a computer on ETH2 and the other on ETH3.

As far as I understand, you told me it’s supposed to work.

Can you explain me why it’s not working please ?

I even tried to add :

/ip firewall filter
add chain=forward dst-address=192.168.142.0/24 src-address=192.168.141.0/24
add chain=forward dst-address=192.168.141.0/24 src-address=192.168.142.0/24

And it doesn’t change anything, nothing ping either.

Both computer can ping the two gateways 192.168.141.254 and 192.168.142.254

The mikrotik can ping both computers. But the computer can’t ping each others…

So what’s next ? what’s wrong with that configuration ? or what did we forget ?

I even tried to add this rule to be sure (in first position), and nothing :

/ip firewall filter
add chain=forward protocol=icmp

If your firewall filter and firewall nat rules are cleared it should work.
I understand it doesn't
Can you post your ipr routes export?

Check the actual IP settings and active routing table on the PCs.
Check the PCs for any local firewall settings - e.g. settings which allow ICMP from local connected subnet but not elsewhere.
Use Trace Route to get more information.

Hi
Have you this sorted out as I have a similar problem
Thanks

Hi
Have you this sorted out as I have a similar problem
Thanks

plz share your router settings which includes interface, firewall and routes

I have the same problem:

The 192.168.99.0 route is not active above. Please indicate which networks are not routing.

Has anyone solved this? I am so tired of mikrotik and giving me this problem at alot of my clients...Please help I also need to route between two inerfaces with dhcp and its not working

You have to add nat rule: /ip firewall nat add chain=srcnat action=masquerade

Hi,
In my case i only use this rules and accessing both network
/ip firewall nat
add chain=srcnat action=src-nat to-addresses=192.168.142.0/24 protocol=tcp src-address=192.168.141.0/24 dst-address=!192.168.142.0/24 out-interface=ehter3 log=no log-prefix=""

Folks!
First of all sorry for digging up such an old thread but my problem seems to be similar so...
I have serious doubts if this problem is MikroTik related, but anyway.

Here is a thing.
I have running network, only one LAN until now.
I thought to give a try network segmentation and make separate networks.
My basic network has DHCP server enabled, but some PCs have static addresses also. DHCP pool is: 192.168.6.2-192.168.6.100
I have added second IP (10.10.8.222/24) to bridge:
...and a static IP:10.10.8.111/24 to one of network printers.
Dynamic route was created: It should be working without any problems, but it isn't.
I have tested pings from 21 devices in the network for now. Windows, linux, Qnap QTS.
Pings from 11 of those reached 10.10.8.111, but from 10 didn't.
I couldn't find any pattern. On one machine with static ip it is working, on another it's not.
On linux workstations it's working, on Qnap QTS it's not, etc, etc...Of course I was testing with firewalls off.
It is working from router itself. No surprise here.

What's odd on one of the machines I can see that pings are going to my ISP's gateway. Another strange thing is that one of the machines received dhcp lease from secondary IP address of bridge:
but on most of them it's like it should be:

Any help would be appreciated, maybe someone has an idea.
Below is a layout of whole mess (whole network is not wireless, but I just forgot to remove icon, when creating screenshot):