Yup, x.x.x.x/29 in the same range. -- Christopher Tyler Senior Network Engineer MTCRE/MTCNA/MTCTCE/MTCWE
Total Highspeed Internet Solutions 1091 W. Kathryn Street Nixa, MO 65714 (417) 851-1107 x. 9002 www.totalhighspeed.com This institution is an equal opportunity provider and employer. Esta institución es un proveedor de servicios con igualdad de oportunidades. ----- Original Message ----- > From: "Josh Luthman" <j...@imaginenetworksllc.com> > To: "AnimalFarm Microwave Users Group" <af@af.afmug.com> > Sent: Wednesday, May 4, 2022 3:01:47 PM > Subject: Re: [AFMUG] Weird IP issue >>It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 >>in >>OSPF network as well. > > And the servers/laptop? > > On Wed, May 4, 2022 at 4:00 PM Christopher Tyler < [ > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote: > > > That is the export of the entire firewall on that router, there are no > forward, > nat or mangle rules, therefore there shouldn't be anything keeping the data > from getting to/from anything, let alone blocking all but one IP address in > the > IP range. > > It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 > in > OSPF network as well. > > This is why I'm completely stumped, everything looks fine. We're going to roll > that router back tonight to 7.1.5 the "long term" version to see if that does > anything. > > -- > Christopher Tyler > Senior Network Engineer > MTCRE/MTCNA/MTCTCE/MTCWE > > Total Highspeed Internet Solutions > 1091 W. Kathryn Street > Nixa, MO 65714 > (417) 851-1107 x. 9002 > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ] > > This institution is an equal opportunity provider and employer. > Esta institución es un proveedor de servicios con igualdad de oportunidades. > > ----- Original Message ----- >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com | >> j...@imaginenetworksllc.com ] > >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com | >> af@af.afmug.com ] > >> Sent: Wednesday, May 4, 2022 11:39:22 AM >> Subject: Re: [AFMUG] Weird IP issue > >> Input/output aren't relevant for forward traffic. >> >> Are your subnets right everywhere? >> >> On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [ >> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [ >> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote: >> >> >> Very minimal, really just basic input rules, nothing that would block the IP >> addresses from getting through. No NAT or Mangle rules on this router. >> >> /ip firewall filter >> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \ >> connection-state=established,related >> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf >> add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp >> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 >> protocol=\ >> udp >> add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp >> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\ >> 2000-3000 protocol=tcp >> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\ >> 2000-3000 protocol=udp >> add action=accept chain=input dst-port=5678 protocol=tcp >> add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\ >> THIS_ADMIN >> add action=accept chain=output comment="ACCEPT ALL OUTBOUND" >> add action=drop chain=input comment="DROP ALL OTHER INPUT" >> >> >> -- >> Christopher Tyler >> Senior Network Engineer >> MTCRE/MTCNA/MTCTCE/MTCWE >> >> Total Highspeed Internet Solutions >> 1091 W. Kathryn Street >> Nixa, MO 65714 >> (417) 851-1107 x. 9002 >> [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [ >> http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ] >> >> This institution is an equal opportunity provider and employer. >> Esta institución es un proveedor de servicios con igualdad de oportunidades. >> >> ----- Original Message ----- >>> From: "Josh Luthman" < [ mailto: [ mailto:j...@imaginenetworksllc.com | >>> j...@imaginenetworksllc.com ] | >>> [ mailto:j...@imaginenetworksllc.com | j...@imaginenetworksllc.com ] ] > >>> To: "AnimalFarm Microwave Users Group" < [ mailto: [ mailto:af@af.afmug.com >>> | >>> af@af.afmug.com ] | >>> [ mailto:af@af.afmug.com | af@af.afmug.com ] ] > >>> Sent: Wednesday, May 4, 2022 11:12:55 AM >>> Subject: Re: [AFMUG] Weird IP issue >> >>> Firewall filter rules? >>> >>> Double check the gateway and subnet on the server. >>> >>> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [ >>> mailto: [ mailto: [ mailto:ch...@totalhighspeed.net | >>> ch...@totalhighspeed.net ] >>> | [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] | [ >>> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [ >>> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] ] > wrote: >>> >>> >>> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS >>> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two >>> servers on that switch both in the the same public IP block. I can ping both >>> servers from the router, and they can ping each other. One server is >>> globally >>> reachable and the other is not reachable other than from the router or >>> switch >>> itself. I plugged in my laptop and assigned it an IP in that same range and >>> cannot reach it extrenally either. The router is using OSPF and I can see >>> the >>> route for that IP block from both sides of the router, but >>> traceroutes/pings to >>> anything other than the server that is working stop at the router. No vlans >>> or >>> special configuration between the router and the switch, just basic IP, all >>> ports on the switch are bridged. Forwarded ports (dstnat) don't appear to >>> work >>> from the router either. >>> >>> I'm stumped, so I figured I would ask if anyone else has seen anything like >>> this >>> and have a solution, or am I looking at a possible RouterOS 7 issue? >>> >>> -- >>> Christopher Tyler >>> Senior Network Engineer >>> MTCRE/MTCNA/MTCTCE/MTCWE >>> >>> Total Highspeed Internet Solutions >>> 1091 W. Kathryn Street >>> Nixa, MO 65714 >>> (417) 851-1107 x. 9002 >>> [ [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [ >>> http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] ] | [ >>> [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [ >>> http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ] ] >>> >>> This institution is an equal opportunity provider and employer. >>> Esta institución es un proveedor de servicios con igualdad de oportunidades. >>> >>> -- >>> AF mailing list >>> [ mailto: [ mailto: [ mailto:AF@af.afmug.com | AF@af.afmug.com ] | [ >>> mailto:AF@af.afmug.com | AF@af.afmug.com ] ] | [ >>> mailto: [ mailto:AF@af.afmug.com | AF@af.afmug.com ] | [ >>> mailto:AF@af.afmug.com >>> | AF@af.afmug.com ] ] ] >>> [ [ [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] | >>> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] ] | >>> [ [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] | >>> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] ] ] >>> >>> -- >>> AF mailing list >>> [ mailto: [ mailto:AF@af.afmug.com | AF@af.afmug.com ] | [ >>> mailto:AF@af.afmug.com | AF@af.afmug.com ] ] >>> [ [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] | >>> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] ] >> >> -- >> AF mailing list >> [ mailto: [ mailto:AF@af.afmug.com | AF@af.afmug.com ] | [ >> mailto:AF@af.afmug.com | AF@af.afmug.com ] ] >> [ [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] | >> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] ] >> >> -- >> AF mailing list >> [ mailto:AF@af.afmug.com | AF@af.afmug.com ] >> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] > > -- > AF mailing list > [ mailto:AF@af.afmug.com | AF@af.afmug.com ] > [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
