Answer the question
In order to leave comments, you need to log in
F
F
fedor-it2020-07-29 21:45:38
fedor-it, 2020-07-29 21:45:38
MikroTik ping problem on local network. Does everyone have it?
There are Mikrotiki RB951Ui-2Hnd and hAP lite. On both tests with the same settings
1 port - wan (dhcp client + nat)
2-5 port + wireless - in the bridge (dhcp server on it)
Firewall - no rules.
In short, the default settings.
The situation is as follows:
I am from a computer connected via ethernet (conditionally Host No. 1) I launch a ping to a host connected via Wi-Fi (Host No. 2). Pings do not go, writes "the specified host is not available." At the same time, I launch pings from Mikrotik (or from another host on the local network) to the Wi-Fi host (Host No. 2) - pings go and immediately start to go pings from Host No. 1 to Host No. 2.
After some time, the situation may manifest itself differently:
From Host#1 I send a ping to Host#2 - there are no pings. And after a while (20-30 seconds or a few minutes) pings start to go. Moreover, the first 3-4 pings with a large delay (1000ms, 700ms, 100ms).
It manifests itself on different Mikrotiks. I made the ARP table static - it does not help. The situation is very similar to the flushing of the arp table on the switches. (This is when the table is completely clogged and a new entry does not occur). But I only have 16 records maximum. Help people in the know, please.
1 answer(s)
@nucleon
- this is not a description! you would at least bring the firewall rules here, a picture of the network ...
but in general, not debian came across a similar problem, with filtering and NAT enabled, the rules ^
iptables -P OUTPUT ACCEPT
were not enough to pass pings from the router to the local network. At the same time, the router pinged from the external and local network and the corresponding rules were.
Solution:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
can of course be limited by interfaces:
iptables -A FORWARD -i $NET_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
If you, as you write, ping, that is, then no, then this is probably not a problem of rules, but a problem of physics.
1) check if the problem is only observed with the connection "local port-router-wifi", or if it is also
observed with the connection "local port-router-local port"
2) check that your cable or wifi connection does not fall off
1- 1) try to check the wireless network, for example, using the mobile application "Wifi Analyzer" (by Keuwlsoft), make sure that you are alone in this network (channel), and alone use the channel specified on the router.
if this is not the case, change the channel on the router to an unused one and rescan the network. if you notice that other unknown
devices change the channel after you !(this is important) to you, then congratulations - you are most likely to be broken. And you can't completely protect yourself from it. You can only increase the level of encryption and hide the seed, but not all devices can work with such a network.
1-2) ring the cable for damage, change the port on the router, replace the cable
2) try updating the driver for the network device (network card or wifi card)
3) check if the problem occurs if you turn off the Firewall (aka Brandwall)
4) has it makes sense to look at your system logs for strange messages (such as IP address conflicts, connection errors)
5) if these actions did not help identify the problem, try updating the router firmware
N
nucleon, 2020-12-14 @nucleon
Necropost of course, but for the future:
I am from a computer connected via ethernet (conditionally Host No. 1) I launch a ping to a host connected via Wi-Fi (Host No. 2). Pings do not go, writes "the specified host is not available." At the same time, I launch pings from Mikrotik (or from another host on the local network) to the Wi-Fi host (Host No. 2) - pings go and immediately start to go pings from Host No. 1 to Host No. 2. ...
- this is not a description! you would at least bring the firewall rules here, a picture of the network ...
but in general, not debian came across a similar problem, with filtering and NAT enabled, the rules ^
iptables -P OUTPUT ACCEPT
were not enough to pass pings from the router to the local network. At the same time, the router pinged from the external and local network and the corresponding rules were.
Solution:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
can of course be limited by interfaces:
iptables -A FORWARD -i $NET_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
If you, as you write, ping, that is, then no, then this is probably not a problem of rules, but a problem of physics.
1) check if the problem is only observed with the connection "local port-router-wifi", or if it is also
observed with the connection "local port-router-local port"
2) check that your cable or wifi connection does not fall off
1- 1) try to check the wireless network, for example, using the mobile application "Wifi Analyzer" (by Keuwlsoft), make sure that you are alone in this network (channel), and alone use the channel specified on the router.
if this is not the case, change the channel on the router to an unused one and rescan the network. if you notice that other unknown
devices change the channel after you !(this is important) to you, then congratulations - you are most likely to be broken. And you can't completely protect yourself from it. You can only increase the level of encryption and hide the seed, but not all devices can work with such a network.
1-2) ring the cable for damage, change the port on the router, replace the cable
2) try updating the driver for the network device (network card or wifi card)
3) check if the problem occurs if you turn off the Firewall (aka Brandwall)
4) has it makes sense to look at your system logs for strange messages (such as IP address conflicts, connection errors)
5) if these actions did not help identify the problem, try updating the router firmware
Similar questions
S
A
A
H
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question