Community discussions

MikroTik App
 
djfrancis
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Feb 02, 2012 12:01 am

Traceroute problem

Mon Oct 02, 2017 1:28 pm

Hi guys, i have a little problem/question about traceroute..

We have a /23 subnet of public IP from our ISP and i decided to split it in two smaller subnets (2 x /24), one subnet for Wireless clients and another subnet for cable clients:

ISP subnet: 10.0.0.0/23
Wireless subnet: 10.0.0.0/24
Cable subnet: 10.0.1.0/24

There are 2 PPPoE servers running on a Mikrotik CCR router.
### PPPoE Server 1 ###
Interface: Bridge_Wireless (eth2 + eth3 + eth4)
Bridge_Wireless IP: 10.0.0.1/24
Profile: Wireless_Profile
/ppp profiles add name=Wireless_Profile local-address=10.0.0.1 remote-address=Wireless_Pool

### PPPoE Server 2 ###
Interface: Vlan150 (All clients gets IP over PPPoE using this Vlan)
Vlan150 IP: 10.0.1.1/24
Profile: Cable_Profile
/ppp profiles add name=Cable_Profile local-address=10.0.1.1 remote-address=Cable_Pool

Here is the problem..
1.- If i do a traceroute from a remote PC to a WIRELESS client (10.0.0.0/24) the result is OK, remote host is reachable. Ping works OK
2.- If i do a traceroute from a remote PC to a CABLE client (10.0.1.0/24) the result is timeout when packets arrives to Mikrotik CCR, remote host is unreachable. Ping works OK
3.- If i do a traceroute from a remote Mikrotik device to a WIRELESS client (10.0.0.0/24) the result is OK, remote host is reachable
4.- If i do a traceroute from a remote Mikrotik device to a CABLE client (10.0.1.0/24) the result is OK, remote host is reachable

Several CABLE clients are having issues with online games and other network services because the problem of point 2.

Why windows cant do a correct traceroute to a CABLE clients and mikrotik yes can do it?

What are happen? Can anyone with more experience explain me?

Thanks guys!
 
djfrancis
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Feb 02, 2012 12:01 am

Re: Traceroute problem

Tue Oct 03, 2017 8:11 pm

Up Up Up
 
kujo
Member Candidate
Member Candidate
Posts: 169
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine
Contact:

Re: Traceroute problem

Tue Oct 03, 2017 8:28 pm

Try turn on logging in all deny firewall rules log=yes


Yours respectfully!
 
djfrancis
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Thu Feb 02, 2012 12:01 am

Re: Traceroute problem

Tue Oct 03, 2017 8:41 pm

Try turn on logging in all deny firewall rules log=yes


Yours respectfully!
Hello kujo i was try to disable all firewall rules few days ago without success..

Any other tip or probe?

Thanks!
 
jeren
just joined
Posts: 1
Joined: Sat Sep 28, 2019 2:16 pm

Re: Traceroute problem

Sat Sep 28, 2019 5:43 pm

Hello All,

i think i have same issue but different with infrastructure. I just set a Mickrotik between a ISP router and Fortigate Firewall. ISP router interface is 192.168.19.253 and Firewall interface IP adress is 41.X.X.222(Real IP address). My Mikrotik device one interface IP addres is 192.168.19.254 other one is 41.X.X.221

Btw ISP ROUTED 41.X.X.220/30 network address to my Mikrotik Device.

INTERNET========>ISP ROUTER========>MIKROTIK=======>FORTIGATE

here is my problem

i CAN
From Mikrotik ping 192.168.19.253
From Mikrotik ping 41.X.X.222

i can see icmp packet arrive to my fortigate firewall and also see it going out from Fortigate and also i can see packet arrive to Mikrotik but not going from 192.168.19.254

diagnose sniffer packet any 'host 212.X.X.229' 4
interfaces=[any]
filters=[host 212.X.X.229]
13.157237 wan1 in 212.X.X.229 -> 41.X.X.222: icmp: echo request
13.157379 wan1 out 41.X.X.222 -> 212.X.X.229: icmp: echo reply
17.911674 wan1 in 212.X.X.229 -> 41.X.X.222: icmp: echo request
17.911751 wan1 out 41.X.X.222 -> 212.X.X.229: icmp: echo reply

4 packets received by filter
0 packets dropped by kernel


i CANT
From Mikrotik ping 8.8.8.8
From Fortigate ping 8.8.8.8





[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 WAN-ISP 1
1 A S 41.X.X.220/30 FORTI-P2P 1
2 ADC 192.168.19.252/30 192.168.19.254 WAN-ISP 0
FORTI-P2P
[admin@MikroTik] > ip route export
# jan/02/1970 19:29:33 by RouterOS 6.42.12
# software id = M557-VL3M
#
# model = RouterBOARD 3011UiAS
# serial number = B88D0A378BFB
/ip route
add check-gateway=arp distance=1 gateway=WAN-ISP
add distance=1 dst-address=41.X.X.220/30 gateway=FORTI-P2P
[admin@MikroTik] >


[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.19.254/30 192.168.19.252 WAN-ISP
1 41.X.X.220/30 41.X.X.220 FORTI-P2P
[admin@MikroTik] > ping 192.168.19.253
SEQ HOST SIZE TTL TIME STATUS
0 192.168.19.253 56 64 1ms
1 192.168.19.253 56 64 0ms
2 192.168.19.253 56 64 0ms
sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=1ms

[admin@MikroTik] > ping 41.X.X.222
SEQ HOST SIZE TTL TIME STATUS
0 41.X.X.222 56 255 0ms
1 41.X.X.222 56 255 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=WAN-ISP log=no log-prefix=""
[admin@MikroTik] > ip firewall nat export
# jan/02/1970 19:30:35 by RouterOS 6.42.12
# software id = M557-VL3M
#
# model = RouterBOARD 3011UiAS
# serial number = B88D0A378BFB
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN-ISP
[admin@MikroTik] >



SO why i cant ping 8.8.8.8 ? Could you give a opinion ?

Thank You
Yours Sincerely
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 12979
Joined: Thu Mar 03, 2016 10:23 pm

Re: Traceroute problem

Thu Oct 03, 2019 2:58 pm

If I understand you right, the only problem is that you can't ping 8.8.8.8 from your mikrotik router (but from fortigate you can)?

If that is so, then my guess is that ISP doesn't do NAT (or even blocks private IP addresses). And running /ping src-address=41.X.X.221 address=8.8.8.8 should work ...
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Traceroute problem

Fri Oct 04, 2019 12:06 am

Do not use interfaces as gateway, change this to the IP address of the gateway

Who is online

Users browsing this forum: almdandi, CGGXANNX, fredgr, timotei, tornadoro and 27 guests