Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Maksim2015-12-01 08:47:02
Computer networks
Maksim, 2015-12-01 08:47:02

Topology sucks but should work?

7cf09fcd89a445a2a44887880ebd4296.jpg
(there are no NATs, firewalls are turned off on Mikrotik, in Kerio the very first rule is everything is allowed from everywhere)
There is a network described above, everything works in the trace package (pings go between networks).
In a real situation (using kerio):
PC 10.0.150.163 can ping 192.168.88.252
PC 192.168.88.252 does not ping PC 10.0.150.163 (but wireshark shows that requests for 163 are coming)
Routes:
Kerio stat. route 192.168.88.0 255.255.255.0 10.0.150.156
There are no routes on Mikrotik.
WHAT'S WRONG?
UPD: 10.0.150.1 - Kerio
UPD: 10.0.150.45 - Asterisk (on a network with Kerio, not marked on the diagram)
UPD2: I noticed a strange thing
> ping 10.0.150.45 src-address=192.168.88.1
SEQ HOST SIZE TTL TIME STATUS
0 10.0.150.45 timeout
1 10.0.150.45 timeout
2 10.0.150.45 timeout
3 10.0.150.45 timeout
4 10.0.150.45 timeout
sent=5 received=0 packet-loss=100%
Now I send a couple of pings from Asterisk ( from 150.45 to 88.1 - it always worked, just checked) and stop.
I repeat the procedure with Mikrotik:
> ping 10.0.150.45 src-address=192.168.88.1
SEQ HOST SIZE TTL TIME STATUS
0 10.0.150.45 56 64 0ms
1 10.0.150.45 56 64 0ms
2 10.0.150.45 56
3 65 0ms 0ms
sent=4 received=4 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms Satan
?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Dmitry Tallmange, 2015-12-01
@p00h

PC 192.168.88.252 is not pinging PC 10.0.150.163 (but wireshark shows requests for 163 coming)
If wireshark shows that requests are coming, then the packets are getting through. Another thing is that 10.0.150.163 may not want to answer them?) For example, in Windows 7/8/10, by default, the host will not respond to an incoming icmp request.

Report
I
Ivan, 2015-12-10
@t3mp

UPD2: Noticed the strangeness

For some reason, pbx does not receive an ICMP redirect from kerio when a reply goes from pbx to network "88". Maybe it's in the statefull mode of kerio.
Show tcpdump -npvei eth0 icmpwith pbx + arp -anby doing
 > ping 10.0.150.45 src-address=192.168.88.1
and also received no response.
[[email protected] ~]# ping 192.168.88.252
PING 192.168.88.252 (192.168.88.252) 56(84) bytes of data.
From 10.0.150.1: icmp_seq=1 Redirect Host(New nexthop: 10.0.150.156)
64 bytes from 192.168.88.252: icmp_seq=1 ttl=127 time=1.15 ms

PS.
Your traffic goes past kerio due to ICMP redirect, disable the redirect, the flow will still be asymmetric, which is not good.

Similar questions
K
Kirill Ostrovsky2017-06-08 11:38:06
Parameter value in Google Analytics? 7Reply
A
Alexander2015-07-08 14:41:15
Are there analytical modeling systems using voxels? 2Reply
L
lukoie2015-01-12 15:12:20
How to tunnel traffic? 4Reply
B
Benedictus2019-06-04 10:33:28
Can I use PBR to configure Redirect to a specific L2 port and not to the next hop IP? 1Reply
E
Evgeny Ferapontov2015-01-13 16:56:28
Are the components of branded servers compatible with the “hodgepodge” of other manufacturers? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question