SOLVED! Subnets different ports cannot connect/ping
Posted: Fri May 06, 2016 2:05 pm
Just for fun and testing I set up a CentOS webserver (192.168.0.2) behind an RB1100AHx2 on Hyper-V, but I can't connect to it from the LAN, while from the WAN there is no problem.
First I tried with Hairpin NAT but that didn't solve it, so I got the idea to ping the server but I get a Destination host unreachable.
Router can ping all devices connected on the different subnets.
CentOS is on switch 2 ether 5; at the moment most traffic is on switch 1 ether 7, which has a Ubiquiti ToughSwitch connected, plus 2 Ubiquiti APs and some IP cams configured with VLAN. WAN spare is from before, when I had 2 ISPs.
This is my 3rd week with RouterOS and I am having a good time while playing with it (how else to learn?), so maybe some of the config below is stupid.
Code:
0 ether3 1500 4C:5E:0C:3F:03:82 enabled non
1 S ether4 1500 4C:5E:0C:3F:03:83 enabled eth
2 R ether5 1500 4C:5E:0C:3F:03:84 enabled non
3 ether6 1500 4C:5E:0C:3F:03:85 enabled non
4 R ether7 1500 4C:5E:0C:3F:03:86 enabled non
5 S ether8 1500 4C:5E:0C:3F:03:87 enabled eth
6 RS ether9 1500 4C:5E:0C:3F:03:88 enabled eth
7 S ether10 1500 4C:5E:0C:3F:03:89 enabled eth
8 ether11 1500 4C:5E:0C:3F:03:8A enabled non
9 ether12 1500 4C:5E:0C:3F:03:8B enabled non
10 ether13 1500 4C:5E:0C:3F:03:8C enabled non
11 R ;;; WAN
internet 1500 4C:5E:0C:3F:03:80 enabled non
12 ;;; WAN spare
internet... 1500 4C:5E:0C:3F:03:81 enabled non
VLAN configured:
Code:
0 R VLANSecurity 1500 enabled 175 ether7
1 R VLANServer 1500 enabled 75 ether5
2 R VLANWiFi 1500 enabled 125 ether7
3 R VLANWiredData 1500 enabled 100 ether7
4 R VLANguestWiFi 1500 enabled 150 ether7
DHCP is working fine; CentOS has been given a static IP, but DHCP worked.
Code:
0 firstDHCP ether7 first-pool 1d
1 guestW... VLANguestWiFi guest-WiFi-pool 6h
2 firstW... VLANWiFi first-WiFi-pool 12h
3 server... ether5 server-pool 1w
IP address from ISP is set with DHCP client:
Code:
0 192.168.1.1/24 192.168.1.0 ether7
1 D X.X.X.X/24 X.X.X.X internet
2 192.168.4.1/24 192.168.4.0 VLANguestWiFi
3 192.168.3.1/24 192.168.3.0 VLANWiFi
4 192.168.2.1/24 192.168.2.0 VLANWiredData
5 192.168.0.1/24 192.168.0.0 ether5
NAT number 2 and 3 (Hairpin) on 3filter I tried with address list where I have a list with all internal IP:
Code:
0 chain=srcnat action=masquerade out-interface=internet log=no log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=192.168.0.2 protocol=tcp
in-interface=internet dst-port=80 log=no log-prefix=""
2 chain=srcnat action=masquerade protocol=tcp dst-address=192.168.0.2
src-address-list=Interne_IP out-interface=ether7 dst-port=80 log=no
log-prefix=""
3 chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24
dst-address=192.168.0.2 out-interface=ether5 dst-port=80 log=no
log-prefix=""
Filter Rules
Code:
0 ;;; Adgang til Router fra Interne IP
chain=input action=accept src-address-list=Interne IP log=no log-prefix=""
1 ;;; Allow ICMP echo (ping) replies to the router
chain=input action=accept protocol=icmp icmp-options=0:0-255 log=no
log-prefix=""
2 ;;; Allow ICMP echo (ping) requests from LAN to the router
chain=input action=accept protocol=icmp src-address-list=Interne IP
icmp-options=8:0-255 log=no log-prefix=""
3 chain=input action=drop protocol=icmp in-interface=internet
icmp-options=8:0-255 log=no log-prefix=""
4 ;;; Blocked Netflix
chain=forward action=drop src-address=192.168.1.201
dst-address-list=Blocked Netflix log=no log-prefix=""
5 ;;; Adgang til swich fra WAN
chain=forward action=drop dst-address=192.168.1.254
src-address-list=Interne_IP in-interface=internet log=no log-prefix=""
Routes
Code:
0 ADS 0.0.0.0/0 X.X.X.X 0
1 ADC X.X.X.X/24 X.X.X.X internet 0
2 ADC 192.168.0.0/24 192.168.0.1 ether5 0
3 ADC 192.168.1.0/24 192.168.1.1 ether7 0
4 ADC 192.168.2.0/24 192.168.2.1 VLANWiredData 0
5 ADC 192.168.3.0/24 192.168.3.1 VLANWiFi 0
6 ADC 192.168.4.0/24 192.168.4.1 VLANguestWiFi 0