
Traffic not working without Torch

Posted: Mon May 12, 2014 3:47 pm
by bibawa
Dear,

Got some very, very strange problem I'll try to explain..

OUR SIDE:
RB2011UAS for the routing on our network, one uplink ETH4 is a direct uplink to a customer private cage

CUSTOMER SIDE:

- RB2011UiAS
- ETH1 uplink (direct uplink to ETH4 on our RB)
- ETH2 ==> Direct link to temporary server
- ETH3 ==> Link to Xen server with VLANS 101, 102 on it

I've created a bridge that joins ETH1, ETH2, ETH3, VLAN 101 and VLAN 102.

Now the fun part begins:

- As ETH2 is directly bridged with ETH1 I can ping the devices on the temporary server without any problem

- I can't ping any device behind ETH3, but as soon as I start Torch on ETH3 I can reach the devices behind that interface.

Does anybody know why this happens? Why does it work with Torch running on the interface and not when Torch is off? This issue is driving me crazy, please help..

thanks in advance !

Re: Traffic not working without Torch

Posted: Mon May 12, 2014 7:55 pm
by rickfrey
Can you post a copy of your export? I'm willing to bet some of the settings are a little off.

Re: Traffic not working without Torch

Posted: Mon May 12, 2014 8:21 pm
by bibawa
Hi ,

Thanks for your assistance, the config:
# may/12/2014 19:20:34 by RouterOS 6.12
# software id = EWM0-5AGT
#
# NOTE(review): lines starting with "# NOTE(review)" or "# Review:" are
# reviewer annotations added to the posted export; every command line is
# unchanged.
#
# Review: three bridges are defined. bridge-local has a pinned admin MAC;
# iDRAC runs with protocol-mode=none, i.e. no spanning tree on that bridge.
/interface bridge
add l2mtu=1598 name="Onapp Management"
add admin-mac=4C:5E:0C:45:44:E8 auto-mac=no l2mtu=1594 name=bridge-local
add l2mtu=1598 name=iDRAC protocol-mode=none
# Review: port renames. ether7..ether9 are slaved to ether6-master-local via
# master-port, and sfp1 is disabled.
/interface ethernet
set [ find default-name=ether3 ] name=ETH3
set [ find default-name=ether5 ] name=ETH5 speed=1Gbps
set [ find default-name=ether10 ] name=ETH10
set [ find default-name=ether1 ] name=ether1-gateway speed=1Gbps
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
    ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
    ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
    ether9-slave-local
set [ find default-name=sfp1 ] disabled=yes
# Review: neighbor discovery is switched off on ether1-gateway only; no other
# interface is changed here, so the rest keep their defaults.
/ip neighbor discovery
set ether1-gateway discover=no
# Review: all four VLAN interfaces are bound to ETH5. The first post describes
# VLANs 101 and 102 arriving on ETH3, so the parent interface is worth
# re-checking against the actual cabling.
# NOTE(review): the "/interface bridge port" section further down adds both
# ETH5 and VLAN.1/VLAN.101/VLAN.102 (children of ETH5) to bridge-local; tagged
# and untagged views of the same port then share one bridge.
/interface vlan
add interface=ETH5 l2mtu=1594 name=VLAN.1 vlan-id=1
add interface=ETH5 l2mtu=1594 name=VLAN.50 vlan-id=50
add interface=ETH5 l2mtu=1594 name=VLAN.101 vlan-id=101
add interface=ETH5 l2mtu=1594 name=VLAN.102 vlan-id=102
# Review: the default IPsec proposal is limited to 3DES, a legacy 64-bit block
# cipher. Prefer an AES proposal where the peers support it.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
# Review: the pool covers 10.94.195.120-10.94.195.150 and is served on
# bridge-local by the DHCP server below.
# NOTE(review): elsewhere in this export 10.94.195.1/24 is assigned to ether2
# (not bridge-local) and the only "/ip dhcp-server network" entry is
# 192.168.88.0/24 - the pool, the serving interface and the network entry do
# not line up; confirm which subnet is meant to be served.
/ip pool
add name=default-dhcp ranges=10.94.195.120,10.94.195.150
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
# Review: PPP profile item 1 hands VPN clients addresses from the same
# default-dhcp pool and public resolvers.
# NOTE(review): item 1 is presumably the built-in default-encryption profile
# that the PPTP secret references - confirm on the device.
/ppp profile
set 1 dns-server=8.8.8.8,8.8.4.4 remote-address=default-dhcp
/system logging action
set 1 disk-lines-per-file=100
# Review: bridge membership.
#   bridge-local       : ETH3, ETH5, ether1-gateway, VLAN.101, VLAN.102, VLAN.1
#   iDRAC              : ether4
#   "Onapp Management" : ether2, ETH10, plus one entry with no interface=
# The uplink port (ether1-gateway) sits in the same layer-2 domain as the
# server-facing ports, so nothing on the router separates them at layer 2.
# ETH5 is a member together with its own VLAN sub-interfaces.
# NOTE(review): Torch is generally understood to put the interface into
# promiscuous mode while it runs, so "works only while Torch is on" more
# likely points at layer-2 / MAC handling on these ports than at the IP
# firewall - treat as a hypothesis to confirm.
/interface bridge port
add bridge=bridge-local interface=ETH3
add bridge=iDRAC interface=ether4
add bridge=bridge-local interface=ETH5
add bridge=bridge-local interface=ether1-gateway
add bridge="Onapp Management" interface=ether2
add bridge="Onapp Management" interface=ETH10
# NOTE(review): the next entry names a bridge but no interface; it looks like
# a leftover or a port that no longer exists - verify and remove if unused.
add bridge="Onapp Management"
add bridge=bridge-local interface=VLAN.101
add bridge=bridge-local interface=VLAN.102
add bridge=bridge-local interface=VLAN.1
# Review: the PPTP server is enabled and accepts pap, chap, mschap1 and
# mschap2. PAP carries the password in clear text and MS-CHAPv1 is long
# broken; PPTP itself is a deprecated VPN protocol. At minimum drop pap, chap
# and mschap1; preferably replace PPTP with an IPsec-based VPN. The filter
# rules in this export do not restrict who can reach this service.
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
# Review: bridge-local carries both the factory 192.168.88.1/24 address and
# the public 185.18.148.125/23 address.
# NOTE(review): 10.94.195.1/24 is assigned to ether2, which this export also
# lists as a port of the "Onapp Management" bridge; an address on a bridge
# port rather than on the bridge is usually a misconfiguration - confirm.
# The Dutch comment= values read "Uplink to switch for VLAN 30" and
# "Uplink to switch for VLAN 40".
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.88.0
add address=185.18.148.125/23 interface=bridge-local network=185.18.148.0
add address=10.94.195.1/24 comment="Uplink naar switch voor VLAN 30" \
    interface=ether2 network=10.94.195.0
add address=10.0.0.1/16 comment="Uplink naar switch voor VLAN 40" interface=\
    iDRAC network=10.0.0.0
# Review: a DHCP client is still active on ether1-gateway although that port
# is a member of bridge-local and the public address is configured statically.
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1
# Review: allow-remote-requests=yes makes the router answer DNS queries from
# other hosts. The input chain in this export accepts everything before any
# drop rule, so the resolver is reachable on the public address and can be
# abused as an open resolver. Limit port 53 in the input chain to internal
# source ranges, or turn remote requests off if clients do not need it.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
# Review: filter rules are evaluated top to bottom per chain and the first
# match wins, so order is the whole story here.
/ip firewall filter
# Review: drops a single source address on input.
add action=drop chain=input src-address=117.79.91.220
# Review: the next three rules have no matcher and no action=, which means
# "accept everything" in forward, input and output. Every later rule in the
# same chain - including both "default configuration" drop rules - is never
# reached. Apart from the one blocked address above, the router's own services
# (PPTP, DNS, management) and all forwarded traffic are unfiltered.
# Remove or disable these three rules, or move them below the drops, once
# troubleshooting is finished.
add chain=forward
add chain=input
add chain=output
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
# NOTE(review): ether1-gateway is a bridge port in this export; for bridged
# ports the IP firewall presumably sees the bridge as the in-interface, so this
# drop may not match even after the accept-all rule is removed - verify, and
# match on the bridge or on in-bridge-port if that is the case.
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall nat
# Review: default masquerade for traffic leaving ether1-gateway.
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
# Review: the next two masquerade rules match on source subnet only, with no
# out-interface, so they rewrite the source of traffic from those subnets on
# every egress path, including between internal networks. That hides the real
# client address from internal logs. The Dutch comments read
# "Internet access from 10.94.195.0" and "Internet access from 10.0.0.0/16".
add action=masquerade chain=srcnat comment=\
    "Internet Toegang vanaf 10.94.195.0" src-address=10.94.195.0/24
add action=masquerade chain=srcnat comment=\
    "Internet Toegang vanaf 10.0.0.0/16" src-address=10.0.0.0/16
# Review: TCP 443 and TCP 22 on the public address are forwarded to 10.0.0.2
# (described in the comments as the Onapp control panel) with no source
# restriction, and the forward chain accepts everything. SSH on the control
# panel host is therefore reachable from any address. Restrict the port-22
# rule to known admin sources (src-address or src-address-list) or reach it
# through a VPN instead.
add action=dst-nat chain=dstnat comment=\
    "Port forward 185.18.148.125 -> Onapp Control panel (443)" dst-address=\
    185.18.148.125 dst-port=443 protocol=tcp to-addresses=10.0.0.2 to-ports=\
    443
add action=dst-nat chain=dstnat comment=\
    "Port forward 185.18.148.125 -> Onapp Control panelserver (22)" \
    dst-address=185.18.148.125 dst-port=22 protocol=tcp to-addresses=10.0.0.2 \
    to-ports=22
/ip firewall service-port
set irc disabled=yes
# Review: single static default route via 185.18.148.1.
/ip route
add distance=1 gateway=185.18.148.1
/ip upnp
set allow-disable-external-interface=no
/lcd
set backlight-timeout=never default-screen=interfaces
# Review: the LCD PIN is included in this public post. Treat it as disclosed
# and change it on the device; redact it before sharing an export.
/lcd pin
set pin-number=3303
/lcd interface
set sfp1 disabled=yes interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2 disabled=yes interface=ether2
set ETH3 disabled=yes interface=ETH3
set ether4 disabled=yes interface=ether4
set ETH5 disabled=yes interface=ETH5
set ether6-master-local disabled=yes interface=ether6-master-local
set ether7-slave-local disabled=yes interface=ether7-slave-local
set ether8-slave-local disabled=yes interface=ether8-slave-local
set ether9-slave-local disabled=yes interface=ether9-slave-local
set ETH10 disabled=yes interface=ETH10
# Review: one PPTP account whose local address is the router's public IP.
# NOTE(review): "name=userpassword=****" looks like the poster's manual
# redaction with the name and password fields run together; it is not valid as
# written. The account relies on the PPTP authentication methods configured
# under "/interface pptp-server server".
/ppp secret
add local-address=185.18.148.125 name=userpassword=**** profile=\
    default-encryption service=pptp
/system clock
set time-zone-name=Europe/Brussels
/system ntp client
set enabled=yes mode=unicast primary-ntp=80.190.147.92 secondary-ntp=\
    217.69.78.82
# Review: the catch-all MAC-Telnet entry is disabled and replaced by explicit
# per-interface entries. ether1-gateway and ETH10 are not listed.
# NOTE(review): bridge-local is listed, and ether1-gateway is a port of
# bridge-local in this export, so layer-2 management is presumably still
# reachable from the uplink segment through the bridge - confirm, and drop the
# bridge-local entry if management from that side is not wanted.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ETH3
add interface=ether4
add interface=ETH5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
# Review: same interface list for MAC-Winbox; the note above about
# bridge-local applies here as well.
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ETH3
add interface=ether4
add interface=ETH5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
Do you maybe have skype? It's a bit easier to communicate .

thanks for your cooperation !

Re: Traffic not working without Torch

Posted: Mon May 12, 2014 8:24 pm
by bibawa
Side note:

Also after rebooting the communication is working for a couple of minutes..

Re: Traffic not working without Torch

Posted: Mon May 12, 2014 9:46 pm
by rickfrey
In your bridge settings, set the mode to rstp, enable the Use IP firewall and Use IP Firewall for VLAN. If that does not resolve it, then try turning your firewall off and see if that is interrupting the communication.

Re: Traffic not working without Torch

Posted: Mon May 12, 2014 10:57 pm
by bibawa
Tried that: enabled RSTP on all bridges and enabled the IP firewall on the bridge and for VLANs, but still no luck..
How can I disable the whole firewall ?

Re: Traffic not working without Torch

Posted: Tue May 13, 2014 5:54 am
by rickfrey
If you are in Winbox, go to IP -> Firewall and, on the Filter tab, select and disable all of the rules.