LAN routing
I have 2 MikroTiks on my LAN to experiment with and test. My RB2011 is my gateway which is configured to accept a dhcp address from my ISP and has 1 LAN attached with the address range of 192.168.1.0/24. this router is configured with 2 static routes: one quad 0 default route to the WAN and the other to my second router (RB751G). The second router has ether1-gateway configured with a static IP (192.168.1.2) so it is attached to the first router's LAN. This second router has an attached LAN range of 10.0.0.0/24. this second router has a quad 0 default route to the gateway router.
PROBLEM:
Host machines on the second router LAN (10.0.0.0/24) have Internet access and can access services from my server at 192,168,1,10. I can also access the gateway router via HTTP and ssh. MY PROBLEM however, is that I cannot reach my second router from the 192.168.1.0/24 network. I can ping everyone on 10.0.0.0/24 from 192.168.1.0/24 but cannot access the router at either address 192.168.1.2 or 10.0.0.1. (neither http or ssh). What am I missing??
BTW:
I have tried to use RIP to configure routing with the same results.
IP static route info:
[admin@first-router] /ip route> pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 74.65.XXX.XXX 1
1 A S 10.0.0.0/24 192.168.1.2 1
2 ADC 74.65.xxx.0/23 74.65.XXX.XXX ether1-gateway 0
3 ADC 192.168.1.0/24 192.168.1.1 bridge-local 0
Re: Can't access second router
Can you do an export of firewall rules of this second router? I think ther is a rule that drop input.
Re: Can't access second router
Yes,
You're right. The default configuation has a DROP on the INPUT chain for traffic entering ether1-gateway. I disabled this rule and I can now access the router.
Now I have to learn to build firewall filter rules.
Thank you
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway
You're right. The default configuation has a DROP on the INPUT chain for traffic entering ether1-gateway. I disabled this rule and I can now access the router.
Now I have to learn to build firewall filter rules.
Thank you
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no in-interface=ether1-gateway
Who is online
Users browsing this forum: No registered users and 32 guests