>It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 in OSPF network as well.
And the servers/laptop? On Wed, May 4, 2022 at 4:00 PM Christopher Tyler <ch...@totalhighspeed.net> wrote: > That is the export of the entire firewall on that router, there are no > forward, nat or mangle rules, therefore there shouldn't be anything keeping > the data from getting to/from anything, let alone blocking all but one IP > address in the IP range. > > It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, > /29 in OSPF network as well. > > This is why I'm completely stumped, everything looks fine. We're going to > roll that router back tonight to 7.1.5 the "long term" version to see if > that does anything. > > -- > Christopher Tyler > Senior Network Engineer > MTCRE/MTCNA/MTCTCE/MTCWE > > Total Highspeed Internet Solutions > 1091 W. Kathryn Street > Nixa, MO 65714 > (417) 851-1107 x. 9002 > www.totalhighspeed.com > > This institution is an equal opportunity provider and employer. > Esta institución es un proveedor de servicios con igualdad de > oportunidades. > > ----- Original Message ----- > > From: "Josh Luthman" <j...@imaginenetworksllc.com> > > To: "AnimalFarm Microwave Users Group" <af@af.afmug.com> > > Sent: Wednesday, May 4, 2022 11:39:22 AM > > Subject: Re: [AFMUG] Weird IP issue > > > Input/output aren't relevant for forward traffic. > > > > Are your subnets right everywhere? > > > > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [ > > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote: > > > > > > Very minimal, really just basic input rules, nothing that would block > the IP > > addresses from getting through. No NAT or Mangle rules on this router. > > > > /ip firewall filter > > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \ > > connection-state=established,related > > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf > > add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp > > add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 > protocol=\ > > udp > > add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 > protocol=udp > > add action=accept chain=input comment="Allow MTIK Bandwidth Test" > dst-port=\ > > 2000-3000 protocol=tcp > > add action=accept chain=input comment="Allow MTIK Bandwidth Test" > dst-port=\ > > 2000-3000 protocol=udp > > add action=accept chain=input dst-port=5678 protocol=tcp > > add action=accept chain=input comment="ACCEPT THIS Mgmt" > src-address-list=\ > > THIS_ADMIN > > add action=accept chain=output comment="ACCEPT ALL OUTBOUND" > > add action=drop chain=input comment="DROP ALL OTHER INPUT" > > > > > > -- > > Christopher Tyler > > Senior Network Engineer > > MTCRE/MTCNA/MTCTCE/MTCWE > > > > Total Highspeed Internet Solutions > > 1091 W. Kathryn Street > > Nixa, MO 65714 > > (417) 851-1107 x. 9002 > > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ] > > > > This institution is an equal opportunity provider and employer. > > Esta institución es un proveedor de servicios con igualdad de > oportunidades. > > > > ----- Original Message ----- > >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com | > >> j...@imaginenetworksllc.com ] > > >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com | > >> af@af.afmug.com ] > > >> Sent: Wednesday, May 4, 2022 11:12:55 AM > >> Subject: Re: [AFMUG] Weird IP issue > > > >> Firewall filter rules? > >> > >> Double check the gateway and subnet on the server. > >> > >> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [ > >> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > | [ > >> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote: > >> > >> > >> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running > RouterOS > >> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have > two > >> servers on that switch both in the the same public IP block. I can ping > both > >> servers from the router, and they can ping each other. One server is > globally > >> reachable and the other is not reachable other than from the router or > switch > >> itself. I plugged in my laptop and assigned it an IP in that same range > and > >> cannot reach it extrenally either. The router is using OSPF and I can > see the > >> route for that IP block from both sides of the router, but > traceroutes/pings to > >> anything other than the server that is working stop at the router. No > vlans or > >> special configuration between the router and the switch, just basic IP, > all > >> ports on the switch are bridged. Forwarded ports (dstnat) don't appear > to work > >> from the router either. > >> > >> I'm stumped, so I figured I would ask if anyone else has seen anything > like this > >> and have a solution, or am I looking at a possible RouterOS 7 issue? > >> > >> -- > >> Christopher Tyler > >> Senior Network Engineer > >> MTCRE/MTCNA/MTCTCE/MTCWE > >> > >> Total Highspeed Internet Solutions > >> 1091 W. Kathryn Street > >> Nixa, MO 65714 > >> (417) 851-1107 x. 9002 > >> [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] > | [ > >> http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ] > >> > >> This institution is an equal opportunity provider and employer. > >> Esta institución es un proveedor de servicios con igualdad de > oportunidades. > >> > >> -- > >> AF mailing list > >> [ mailto: [ mailto:AF@af.afmug.com | AF@af.afmug.com ] | [ > >> mailto:AF@af.afmug.com | AF@af.afmug.com ] ] > >> [ [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] | > >> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] ] > >> > >> -- > >> AF mailing list > >> [ mailto:AF@af.afmug.com | AF@af.afmug.com ] > >> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] > > > > -- > > AF mailing list > > [ mailto:AF@af.afmug.com | AF@af.afmug.com ] > > [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] > > > > -- > > AF mailing list > > AF@af.afmug.com > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
