|
Can ping router but can not winbox into itI have a rb750 two hops away from me. Its default gateway is the core router and my gateway is also the core router. All static routes. I have ubnt gear on ports 3,4 & 5 of the rb750 too. I can ping the 750 and all the ubnt gear fine from here but I can not winbox into the rb750 or access the ubnt gear either via http. I went on site again yesterday and logged into the 750 fine with my laptop to see what i could be missing, but could not find anything. I could also log into the ubnt gear once my laptop was plugged into the 750.
Any ideas guys, im just dead in the water here? |
|
Bigpaddy_Irl |
Seems I can log into the ubnt gear now but still can not log into the rb750 even though I can ping it, it just times out. |
|
superdogI Need A Drink MVM join:2001-07-13 Lebanon, PA |
said by Bigpaddy_Irl:Seems I can log into the ubnt gear now but still can not log into the rb750 even though I can ping it, it just times out. What 2 devices are between you and the RB750 when you can't log in? It wouldn't be UBNT gear would it? |
|
|
to Bigpaddy_Irl
Are there two sides to this story? Which side are you failing on and which side are you able to access? Are they one and the same? |
|
vipermCarpe Diem Premium Member join:2002-07-09 Winchester, CA |
to Bigpaddy_Irl
Do you have any mikrotik gear before the 750? if so can you lgo into that mikrotik and do a neigbors view and isee it by mac address? If so right click and log in by "mac address" and see if you can if you cant something is up.
If you can then it is some kind of routing or layer 2 issue |
|
|
There is basically only 3 parts to the equation. One core router and 2 pppoe servers, I am connected to one of the pppoe servers. Both pppoe servers are on different sites and between each server and the core router there is Layer2 ubnt bridges. |
|
superdogI Need A Drink MVM join:2001-07-13 Lebanon, PA |
said by Bigpaddy_Irl: between each server and the core router there is Layer2 ubnt bridges. I have noticed all kinds of screwy issues when trying to use almost any type of UBNT gear in a layer 2 situation and I don't know why?. I have Bullet M5's in multiple PtP connections doing layer 2 bridging without any issues. I will use the same 2 products in another location and will have all kinds of issues, even though the settings are the same. I have no clue why?. Sometimes it will work after a reboot of the units and any switches in line with them. It's like something poisons an ARP cache somehow and the Bullets don't like it, or perhaps the cache on the Bullets go crazy?????. No clue?. I can tell you to make sure you have them set to AP WDS and Station WDS on all the units. |
|
|
750's have a funky default config that firewalls port 1. (intended as WAN port)
If you did not completely remove the default config that will be why. |
|
|
|
No, I did'nt know that port was firewalled, and I checked the firewall over and over again. Damn,that means another drive then? its like 1 1/2 hours of a drive away. How do I disable the firewall for that port? |
|
|
If using a ptp backhual you need to set the UBNT radios to
AP WDS and station WDS. |
|
|
to Bigpaddy_Irl
What Rb38997 said!! The first UBNT link did we set it up as AP/Station(not the WDS) and it just totally screwed us up royally!! Supposedly, the link becomes transparent when in WDS. |
|
|
I have all my UBNT links in WDS mode. |
|
|
Heres the script that runs when you default the unit.
Work out whats causing your issue.
script: #| ether1 is renamed ether1-gateway, rest of interfaces are switched #| IP address 192.168.88.1/24 is on switch #| DHCP client is on ether1-gateway #| DHCP server is on switch, with address pool 192.168.88.10-192.168.88.254 #| masquerade on ether1-gateway :global action
# these commands are executed after installation or configuration reset :if ($action = "apply") do={ /interface set ether1 name=ether1-gateway /interface set ether2 name=ether2-local-master /interface set ether3 name=ether3-local-slave /interface set ether4 name=ether4-local-slave /interface set ether5 name=ether5-local-slave
/interface ethernet set ether3-local-slave master-port=ether2-local-master /interface ethernet set ether4-local-slave master-port=ether2-local-master /interface ethernet set ether5-local-slave master-port=ether2-local-master
/ip address add address=192.168.88.1/24 interface=ether2-local-master comment="default configuration"
:if ([:len [/system package find name="dhcp" !disabled]] != 0) do={ /ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration"; /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254; /ip dhcp-server add name=default address-pool=default-dhcp interface=ether2-local-master disabled=no; /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configurati> }
/ip firewall { filter add chain=input action=accept protocol=icmp comment="default configuration" filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration" filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration" filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration" nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration" }
/ip dns { set allow-remote-requests=yes static add name=router address=192.168.88.1 }
/tool mac-server remove [find] /tool mac-server add interface=ether2-local-master disabled=no /tool mac-server add interface=ether3-local-slave disabled=no /tool mac-server add interface=ether4-local-slave disabled=no /tool mac-server add interface=ether5-local-slave disabled=no
/tool mac-server mac-winbox disable [find] /tool mac-server mac-winbox disable [find] /tool mac-server mac-winbox add interface=ether2-local-master disabled=no /tool mac-server mac-winbox add interface=ether3-local-slave disabled=no /tool mac-server mac-winbox add interface=ether4-local-slave disabled=no /tool mac-server mac-winbox add interface=ether5-local-slave disabled=no
/ip neighbor discovery set [find name=ether1-gateway] discover=no |
|
vaden9 Premium Member join:2009-10-11 |
to Bigpaddy_Irl
Are you saying your pings are OK but that you can't winbox to the unit? |
|
|
Yes that is correct, I can ping it, I can log into other devices connected to its other ether ports, but I can not http or winbox into it. |
|
vaden9 Premium Member join:2009-10-11 |
vaden9
Premium Member
2010-Oct-26 5:40 am
said by Bigpaddy_Irl:Yes that is correct, I can ping it, I can log into other devices connected to its other ether ports, but I can not http or winbox into it. To avoid another trip, can you log into a device which is connected to it and then, e.g., ssh up the hill to the RB750? Are you running a stock RB750 or is the RouterOS configuration customized? If customized, what were the things you added/changed? If customized, do you have a diff of the config before and after customization? |
|
rickn join:2010-10-29 Virginia Beach, VA |
to NZFxonet
Cant Login into MikrotikI have a mikrotik up and running but the problem now is that i cant login into the mikrotik.... It usually displays the IP address and username and password but not i cant get any IP to login....
Keeps tell me that cant get index page for the IP address and Hotspot login Require...
Pls i need help |
|
|
to NZFxonet
Re: Can ping router but can not winbox into itI have ssh'd into the mikrotik router box via one of the UBNT devices connected to it. How do I display the script or even what do I edit? |
|
|
by default the firewall rules in the RB750 will not allow you to winbox in. Disable the "default configuration" in the firewall/filter and you should be able to get in. |
|
|
But I have successfullly ssh'd into the box, now how do I disable the firewall via command line? |
|
vaden9 Premium Member join:2009-10-11 |
vaden9
Premium Member
2010-Nov-4 1:09 pm
said by Bigpaddy_Irl:But I have successfullly ssh'd into the box, now how do I disable the firewall via command line? from the command line, invoke /ip firewall export and post the results; redact if necessary, but do so in a way that preserves the uniqueness of each IP address, please. |
|