zaherhamiyah
Frequent Visitor
Topic Author
Posts: 82
Joined: Thu Mar 23, 2006 12:43 am

ping issue

Sat Apr 15, 2006 4:54 pm

My internal IP is 192.168.0.1
My public IP is xxx.xxx.79.45
I enter MikroTik through Winbox and ping 192.168.0.1 and the result is timeout.
I ping 192.168.0.1 from 192.168.0.4 and the result is success.
So why can't I ping MikroTik from inside it? :twisted: :evil:
 
cmit
Forum Guru
Posts: 1547
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Sat Apr 15, 2006 10:22 pm

I just read all of your different posts...

I would say that you REALLY should take the time to read the manual and get some basic ip network knowledge, if you don't have it.

And two more suggestions:
- Writing that MikroTik is making you crazy and is bad in some way or the other makes at least me ask myself why you just don't use something else if you really don't like it.
- And if you want to get help here in the forum, post meaningful descriptions. Without knowing your configuration and the setup of your systems, how should anyone help you with a question?

Best regards,
Christian Meis
 
zaherhamiyah
Frequent Visitor
Topic Author
Posts: 82
Joined: Thu Mar 23, 2006 12:43 am

Sat Apr 15, 2006 11:55 pm

Dear Christian,
First: u need to notice that:
1-u don't need to read all my posts
2-i have only 19 posts and u have about 767 posts
3-i hold MCP,MCDST,MCSA(S+M) in 2000 & 2003,MCSE(S+M) in 2000 & 2003,CCNA,and CCA
4-i am new to linux world
Second:
1-i read all the manual regarding what i want from it and i found that it needs a lot of enhancements and needs to catch the newest version with all the new features even they say that it is for version 2.9!!!!!!!!
2-after tests for about 2 months not all instructions found in the manual are applicable and successful in implementing.
3-i have the right to write as i want as this is allowed to me from the company
4-i use microsoft isa server and it can ping itself!!!!!!!!!!
5-i want to use mikrotik and linux and this what i want and insist to do
6-whatever u say "why you just don't use something else if you really don't like it" i didn't say that i don't like it and plz don't say me things i didn't say
7-my internal ip is 192.168.0.1
my public ip is xxx.xxx.79.45
i enter mikrotik through winbox and ping 192.168.0.1 and the result is timeout.
i ping 192.168.0.1 from 192.168.0.4 the result is success.
8-so why i can't ping mikrotik from inside it ?
9-what else do u want to know u can ask me as it seems u had a lot of time reading my posts at least u can ask for more info!!!!!!!!!!!!!!!!!!!!
767-is this description not enough to know what is the problem MR 767?
Yours ,
Zaher Hamiyah
No fense!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
proxy
Frequent Visitor
Posts: 82
Joined: Wed Dec 15, 2004 1:18 am

Sun Apr 16, 2006 1:33 am

if u can enter winbox, which IP do you use to enter winbox??
 
jarosoup
Long time Member
Posts: 596
Joined: Sun Aug 22, 2004 9:02 am

Sun Apr 16, 2006 4:49 am

Sounds like you're missing a masq rule for your internal network...
 
csickles
Forum Guru
Posts: 1255
Joined: Fri May 28, 2004 8:46 pm
Location: Phoenix, AZ

Sun Apr 16, 2006 8:11 am

I see what he is trying to say...

If he pings the local address of his internal interface, from within Winbox, the ping fails. (This packet should never leave the router; it is a ping to an internal address.)

This would be similar to pinging the internal loop back interface on any IP stack.. (127.0.0.1)

If he pings his internal interface from another device inside his NAT ie 192.168.0.4 the ping succeeds...

As this is an internal stack request, it should never pass any NATs..
It could however pass through a filter rule if it is interpreted as an input. (Router input chain)

I tested this and it will fail under the following conditions..

1) place a filter in the input chain for PING and create a drop rule for icmp for all packets originating from the router to 0.0.0.0/0 (all addresses). In this case the ping will fail..

2) place a drop rule for ICMP from 0.0.0.0/0 to the router's internal interface. The PING will fail here as well..

NAT should have nothing to do with it as no request to "cross the router" has been made (unless there are mangle rules involved..)

My guess would be an accidental filter rule meant for the external interface that got applied to the internal interface..

The issue could be a simple typo / oops in a filter rule...

I have made MANY oops in filter rules in my day...

I am a,,, dare I say it ,,, CNE and I mess up with the best of them...

Po boby is nerfect.....

This may be the case, or I may simply be out of my mind, but I would take another look at the firewall rules and make sure that there isn't a filter involved...

PS after more brain farts... I think the latter test is closer to the truth,,

A filter rule filtering the origination of ICMP "from" the router's internal interface is the most likely, as it would allow for the reply to a PING but trap its own origination of a "grope" request...

Just my two cents worth (US)....

Craig
 
zaherhamiyah
Frequent Visitor
Topic Author
Posts: 82
Joined: Thu Mar 23, 2006 12:43 am

Sun Apr 16, 2006 1:06 pm


> My guess would be an accidental filter rule meant for the external interface that got applied to the internal interface..
>
> The issue could be a simple typo / oops in a filter rule...
>
> I have made MANY oops in filter rules in my day...
>
> I am a,,, dare I say it ,,, CNE and I mess up with the best of them...
>
> Po boby is nerfect.....
>
> This may be the case, or I may simply be out of my mind, but I would take another look at the firewall rules and make sure that there isn't a filter involved...
>
> PS after more brain farts... I think the latter test is closer to the truth,,
>
> A filter rule filtering the origination of ICMP "from" the router's internal interface is the most likely, as it would allow for the reply to a PING but trap its own origination of a "grope" request...
>
> Craig

A-no body is perfect that's the point
B-i disabled the following input rule:
X ;;; drop all that is not from unicast
      chain=input src-address-type=!unicast action=drop
and everything is ok.

now i can ping the internal ip 192.168.0.1 of mikrotik server from tools>ping

Thanks all of u guys for trying,
keep trying......................

yours ,
zaher hamiyah
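
Added example, not part of the thread and not MikroTik's code: a simplified Python model of the input-chain rule quoted above, showing why a ping sourced from the router's own address matches `src-address-type=!unicast` (an address owned by the router classifies as local, not unicast) while a ping from 192.168.0.4 does not. The /24 prefix, all function names and the final accept-local variant are assumptions made for illustration.

```python
import ipaddress

# Constructed setup: the thread gives 192.168.0.1 as the internal address;
# the /24 prefix length is an assumption.
ROUTER_IFACES = [ipaddress.ip_interface("192.168.0.1/24")]

def address_type(addr, ifaces=ROUTER_IFACES):
    """Classify an address the way an address-type match does (simplified)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or any(ip == i.ip for i in ifaces):
        return "local"      # owned by the router itself, so not "unicast"
    if ip.is_multicast:
        return "multicast"
    if ip == ipaddress.ip_address("255.255.255.255") or any(
            ip == i.network.broadcast_address for i in ifaces):
        return "broadcast"
    return "unicast"

def matches(rule, pkt):
    """True when the rule's src-address-type condition matches the packet."""
    want = rule.get("src-address-type")
    if want is None:
        return True
    negate = want.startswith("!")
    hit = address_type(pkt["src"]) == want.lstrip("!")
    return hit != negate

def input_chain(rules, pkt):
    """First enabled matching rule decides; default policy is accept."""
    for rule in rules:
        if not rule.get("disabled") and matches(rule, pkt):
            return rule["action"]
    return "accept"

# The rule from the thread, and the two pings the poster described.
DROP_NON_UNICAST = {"src-address-type": "!unicast", "action": "drop"}
SELF_PING = {"src": "192.168.0.1", "dst": "192.168.0.1", "protocol": "icmp"}
LAN_PING = {"src": "192.168.0.4", "dst": "192.168.0.1", "protocol": "icmp"}

def verdicts(rules):
    return {"self": input_chain(rules, SELF_PING),
            "lan": input_chain(rules, LAN_PING)}

# Assumed narrower alternative to disabling the rule: accept traffic sourced
# from the router's own addresses first, keep dropping broadcast/multicast.
HARDENED = [{"src-address-type": "local", "action": "accept"}, DROP_NON_UNICAST]

if __name__ == "__main__":
    print("rule enabled :", verdicts([DROP_NON_UNICAST]))
    print("rule disabled:", verdicts([dict(DROP_NON_UNICAST, disabled=True)]))
    print("accept local :", verdicts(HARDENED))
```
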
