Mikrotik
Maxim Tarasov, 2014-11-28 19:33:00

Mikrotik with configured channel reservation pings every other time?

Channel reservation is configured on Mikrotik. Everything works correctly, except for ping from outside to Mikrotik itself. I suspect that if you're lucky, and the answer goes to the same channel where the ping came from, then everything works, but if the answer decides to go to another channel, then there is no ping. How do I force Mikrotik's own traffic to go to the correct channel?
Below is an excerpt from the configuration. For some reason it seems to me that the error is somewhere in this part of the configuration.

/ip firewall mangle
add action=mark-connection chain=forward in-interface=ether1-Megaline new-connection-mark=Megaline_c
add action=mark-connection chain=forward in-interface=l2tp-Beeline new-connection-mark=Beeline_c
add action=mark-routing chain=prerouting connection-mark=Megaline_c new-routing-mark=Megaline_r src-address=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=Beeline_c new-routing-mark=Beeline_r src-address=192.168.1.0/24

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-Megaline
add action=masquerade chain=srcnat out-interface=l2tp-Beeline

/ip route
add distance=3 gateway=88.204.242.49 routing-mark=Megaline_r
add distance=3 gateway=192.168.255.254 routing-mark=Beeline_r
add distance=4 gateway="192.168.255.254,192.168.255.254,192.168.255.254,192.168.255.254,88.204.242.49"


2 answer(s)
Melkij, 2014-11-28
@melkij

It confuses me that you have new-connection-mark in forward.
Ah, well, yes. Who should answer pings? Mikrotik itself. This means that the forward chain is not used; input and output are used instead.
Usually these rules are attached to prerouting.

Cool Admin, 2014-11-29
@ifaustrue

It's a little unclear how your l2tp works, but for it you have some other rules anyway, show them. Maybe that's the problem.
Well, we follow the advice above: we use the input chain for incoming traffic, where we catch connections and mark them, and on the output chain we mark the route through which the response packet should go. We also remove passthrough from the second rules so that traffic does not participate in the mangle in further processing and does not fall under neighboring rules.
We get two rules for each external interface - one catches the packet, the second sends it back. Well, do not forget about the rules for the operation of l2tp, they also need to be correctly processed in such a construction.
The logic of Mikrotik in these cases is very simple, the main thing is to understand it =)
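
The two-rules-per-interface layout described in the answers, written out as an added example that is not part of either answer. It reuses the interface names and routing marks from the question's excerpt and relies on the marked routes already shown there; the connection-mark names Megaline_in and Beeline_in are assumptions, and the l2tp rules the question does not show are not covered.

```routeros
# Added example, not from the thread. Connection-mark names Megaline_in and
# Beeline_in are hypothetical; interface names and routing marks
# (Megaline_r, Beeline_r) are the ones in the question's excerpt.
/ip firewall mangle

# 1) Catch connections addressed to the router itself and remember
#    which uplink they arrived on (chain=input, not forward).
add chain=input in-interface=ether1-Megaline action=mark-connection new-connection-mark=Megaline_in passthrough=yes
add chain=input in-interface=l2tp-Beeline action=mark-connection new-connection-mark=Beeline_in passthrough=yes

# 2) Route the router's own replies (chain=output) back out through the
#    uplink the connection came in on. passthrough=no stops further
#    mangle processing, so the packet cannot match neighboring rules.
add chain=output connection-mark=Megaline_in action=mark-routing new-routing-mark=Megaline_r passthrough=no
add chain=output connection-mark=Beeline_in action=mark-routing new-routing-mark=Beeline_r passthrough=no
```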
