Tjyylli

Invalid date error by date command

How do I delete all blank lines in a buffer?

Lowest total scrabble score

Picking the different solutions to the time independent Schrodinger eqaution

Limits and Infinite Integration by Parts

What exact color does ozone gas have?

How should I respond when I lied about my education and the company finds out through background check?

Do the primes contain an infinite almost arithmetic progression?

How do apertures which seem too large to physically fit work?

Does Doodling or Improvising on the Piano Have Any Benefits?

Strong empirical falsification of quantum mechanics based on vacuum energy density

Open a doc from terminal, but not by its name

What are the advantages of simplicial model categories over non-simplicial ones?

Is there a way to get `mathscr' with lower case letters in pdfLaTeX?

It grows, but water kills it

Hero deduces identity of a killer

Plot of a tornado-shaped surface

How does a computer interpret real numbers?

Unexpected behavior of the procedure `Area` on the object 'Polygon'

How to cover method return statement in Apex Class?

How could a planet have erratic days?

Terse Method to Swap Lowest for Highest?

Why did the EU agree to delay the Brexit deadline?

Extract more than nine arguments that occur periodically in a sentence to use in macros in order to typset

Firewall filter rules and traceroute

Firewall blocks ICMP even with Allow rules, even when disbledVyatta Firewall structure and Interface DirectionRouter without DHCP set and has external IP from local perspectiveHow to isolate networks with a Mikrotik router?Difference between `Tracert` and `Traceroute`iptables rules for “virtual wire” firewallMikrotik - Filter rule is accepted, but dst-nat not workingMikrotik router serves external DNS requests despite firewall rulesPorting iptable firewall rules to freebsd pfNat to other LAN using mikrotik routeros

1

I'm trying to learn how it all goes in networking. I have a working network done by some specialists and I bought new Mikrotik router and done a new LAN in which I want to do some trial&error. So rewrited many settings from the working LAN and it seems to work but:

I can ping other computers in local network, but I can't traceroute them, I can't see them in the network I can't access local web page on one of computer running os X server. It seems like some firewall filter rules blocking it, here's screen

I don't really see into it and I can't see the difference between #1 and #2 record or the last three ones.

There's screen of the other network's router filter rules, where everything works fine:

Here I also don't see the difference between #0 and #1 records #2 and #3 and also the #8 seems to drop things that matches the other chains...

If my assumption that it's filter rules problem is wrong please let me know where the problem could be, I have no Nat rules set apart from default masquerading.

Thank's for any help.

networking router firewall mikrotik-routeros

share|improve this question

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why not call them again and have them restore it? We don't know what the previous configurations were like.
  
  – Larssend
  Jul 11 '15 at 10:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well, I don't have problem with it, I just wanna learn something so I just bought new router and server and I try&fail alongside that working network.
  
  – Marek Židek
  Jul 11 '15 at 11:02
  

  
  
  
  

add a comment | 

1

I'm trying to learn how it all goes in networking. I have a working network done by some specialists and I bought new Mikrotik router and done a new LAN in which I want to do some trial&error. So rewrited many settings from the working LAN and it seems to work but:

I can ping other computers in local network, but I can't traceroute them, I can't see them in the network I can't access local web page on one of computer running os X server. It seems like some firewall filter rules blocking it, here's screen

I don't really see into it and I can't see the difference between #1 and #2 record or the last three ones.

There's screen of the other network's router filter rules, where everything works fine:

Here I also don't see the difference between #0 and #1 records #2 and #3 and also the #8 seems to drop things that matches the other chains...

If my assumption that it's filter rules problem is wrong please let me know where the problem could be, I have no Nat rules set apart from default masquerading.

Thank's for any help.

networking router firewall mikrotik-routeros

share|improve this question

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Why not call them again and have them restore it? We don't know what the previous configurations were like.
  
  – Larssend
  Jul 11 '15 at 10:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Well, I don't have problem with it, I just wanna learn something so I just bought new router and server and I try&fail alongside that working network.
  
  – Marek Židek
  Jul 11 '15 at 11:02
  

  
  
  
  

add a comment | 

I'm trying to learn how it all goes in networking. I have a working network done by some specialists and I bought new Mikrotik router and done a new LAN in which I want to do some trial&error. So rewrited many settings from the working LAN and it seems to work but:

I can ping other computers in local network, but I can't traceroute them, I can't see them in the network I can't access local web page on one of computer running os X server. It seems like some firewall filter rules blocking it, here's screen

I don't really see into it and I can't see the difference between #1 and #2 record or the last three ones.

There's screen of the other network's router filter rules, where everything works fine:

Here I also don't see the difference between #0 and #1 records #2 and #3 and also the #8 seems to drop things that matches the other chains...

If my assumption that it's filter rules problem is wrong please let me know where the problem could be, I have no Nat rules set apart from default masquerading.

Thank's for any help.

networking router firewall mikrotik-routeros

share|improve this question

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

share|improve this question

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

share|improve this question

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

edited 11 mins ago

Duncan X Simpson

1,111823

edited 11 mins ago

Duncan X Simpson

1,111823

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

asked Jul 11 '15 at 10:06

Marek ŽidekMarek Židek

1288

1 Answer
1

active

oldest

votes

0

The reason traceroute won't work on local network is, because it all goes via 2. layer, not 3. network one, so there are no hops, ping however will work as the machine will answer.

The firewall rules on the other network router are port specific, so they will work different as your setting. Your firewall seems to accept only established connections and I guess the rule #3 is dropping everything that tries to go inside your network except of established connection. Everything on local network should work just fine.

Therefore, I would try to troubleshoot problems with OSX server on server level not network level, that comes if you can ping it's interface. You have probably not setup web server on it properly.

share|improve this answer

answered Jul 11 '15 at 10:21

tikendtikend

260112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, I have my web allowed and I have set everything by manual, I don't think I screwed up anything there because it was very user-friendly and easy. I don't have any public IP I just wanna try if I can see a web page: file:///Library/Server/Web/Data/Sites/www.example.com/ located at my server from another computer. I would add that the other PC is win7 and I cannot see the server or other devices in folder MyNetworkPlaces. I would also want to know about the url, the default os x web page is at pepi.local, but my custom web is at that long url: file:///Lib... how to make it example.local?
  
  – Marek Židek
  Jul 11 '15 at 10:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Don't know if you have setup local DNS, but if not, you have to access the web via ip adress of the server, have you tried that?
  
  – tikend
  Jul 11 '15 at 10:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks :) (no local dns) I can access to the server via it's IP, but I found out I cannot ping it :D I can ping only from the sever to the other computer... this is just confusing, another wierd thing is that in the other network(professionally made) I can traceroute the other computers even if there are 0 hops. Sorry for bothering, these are just things that you cannot find in school scripts or manuals...
  
  – Marek Židek
  Jul 11 '15 at 11:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you cannot ping the server, most likely it's local firewall is stopping it. This is normal as to stop DDoS attacks. The reason traceroute works on pro configuration is probably that they have separated local network to more subnetworks, so router has to route the packets and therefore there are hops.
  
  – tikend
  Jul 11 '15 at 11:02
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @tikend: Not interested. If I don't understand you here, I won't understand you there. The point being, there's no difference between traceroute and ping at Layer 2. They're both Layer 3 entities.
  
  – Larssend
  Jul 11 '15 at 16:03
  

  
  
  
  

 | 
show 6 more comments

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f939243%2ffirewall-filter-rules-and-traceroute%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

The reason traceroute won't work on local network is, because it all goes via 2. layer, not 3. network one, so there are no hops, ping however will work as the machine will answer.

The firewall rules on the other network router are port specific, so they will work different as your setting. Your firewall seems to accept only established connections and I guess the rule #3 is dropping everything that tries to go inside your network except of established connection. Everything on local network should work just fine.

Therefore, I would try to troubleshoot problems with OSX server on server level not network level, that comes if you can ping it's interface. You have probably not setup web server on it properly.

share|improve this answer

answered Jul 11 '15 at 10:21

tikendtikend

260112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, I have my web allowed and I have set everything by manual, I don't think I screwed up anything there because it was very user-friendly and easy. I don't have any public IP I just wanna try if I can see a web page: file:///Library/Server/Web/Data/Sites/www.example.com/ located at my server from another computer. I would add that the other PC is win7 and I cannot see the server or other devices in folder MyNetworkPlaces. I would also want to know about the url, the default os x web page is at pepi.local, but my custom web is at that long url: file:///Lib... how to make it example.local?
  
  – Marek Židek
  Jul 11 '15 at 10:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Don't know if you have setup local DNS, but if not, you have to access the web via ip adress of the server, have you tried that?
  
  – tikend
  Jul 11 '15 at 10:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks :) (no local dns) I can access to the server via it's IP, but I found out I cannot ping it :D I can ping only from the sever to the other computer... this is just confusing, another wierd thing is that in the other network(professionally made) I can traceroute the other computers even if there are 0 hops. Sorry for bothering, these are just things that you cannot find in school scripts or manuals...
  
  – Marek Židek
  Jul 11 '15 at 11:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you cannot ping the server, most likely it's local firewall is stopping it. This is normal as to stop DDoS attacks. The reason traceroute works on pro configuration is probably that they have separated local network to more subnetworks, so router has to route the packets and therefore there are hops.
  
  – tikend
  Jul 11 '15 at 11:02
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @tikend: Not interested. If I don't understand you here, I won't understand you there. The point being, there's no difference between traceroute and ping at Layer 2. They're both Layer 3 entities.
  
  – Larssend
  Jul 11 '15 at 16:03
  

  
  
  
  

 | 
show 6 more comments

0

The reason traceroute won't work on local network is, because it all goes via 2. layer, not 3. network one, so there are no hops, ping however will work as the machine will answer.

The firewall rules on the other network router are port specific, so they will work different as your setting. Your firewall seems to accept only established connections and I guess the rule #3 is dropping everything that tries to go inside your network except of established connection. Everything on local network should work just fine.

Therefore, I would try to troubleshoot problems with OSX server on server level not network level, that comes if you can ping it's interface. You have probably not setup web server on it properly.

share|improve this answer

answered Jul 11 '15 at 10:21

tikendtikend

260112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks, I have my web allowed and I have set everything by manual, I don't think I screwed up anything there because it was very user-friendly and easy. I don't have any public IP I just wanna try if I can see a web page: file:///Library/Server/Web/Data/Sites/www.example.com/ located at my server from another computer. I would add that the other PC is win7 and I cannot see the server or other devices in folder MyNetworkPlaces. I would also want to know about the url, the default os x web page is at pepi.local, but my custom web is at that long url: file:///Lib... how to make it example.local?
  
  – Marek Židek
  Jul 11 '15 at 10:44
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Don't know if you have setup local DNS, but if not, you have to access the web via ip adress of the server, have you tried that?
  
  – tikend
  Jul 11 '15 at 10:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks :) (no local dns) I can access to the server via it's IP, but I found out I cannot ping it :D I can ping only from the sever to the other computer... this is just confusing, another wierd thing is that in the other network(professionally made) I can traceroute the other computers even if there are 0 hops. Sorry for bothering, these are just things that you cannot find in school scripts or manuals...
  
  – Marek Židek
  Jul 11 '15 at 11:00
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  If you cannot ping the server, most likely it's local firewall is stopping it. This is normal as to stop DDoS attacks. The reason traceroute works on pro configuration is probably that they have separated local network to more subnetworks, so router has to route the packets and therefore there are hops.
  
  – tikend
  Jul 11 '15 at 11:02
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  @tikend: Not interested. If I don't understand you here, I won't understand you there. The point being, there's no difference between traceroute and ping at Layer 2. They're both Layer 3 entities.
  
  – Larssend
  Jul 11 '15 at 16:03
  

  
  
  
  

 | 
show 6 more comments

The reason traceroute won't work on local network is, because it all goes via 2. layer, not 3. network one, so there are no hops, ping however will work as the machine will answer.

The firewall rules on the other network router are port specific, so they will work different as your setting. Your firewall seems to accept only established connections and I guess the rule #3 is dropping everything that tries to go inside your network except of established connection. Everything on local network should work just fine.

Therefore, I would try to troubleshoot problems with OSX server on server level not network level, that comes if you can ping it's interface. You have probably not setup web server on it properly.

share|improve this answer

answered Jul 11 '15 at 10:21

tikendtikend

260112

share|improve this answer

answered Jul 11 '15 at 10:21

tikendtikend

260112

answered Jul 11 '15 at 10:21

tikendtikend

260112

answered Jul 11 '15 at 10:21

tikendtikend

260112