Network issues with server
 

I just received a MikroTik RouterBoard RB951Ui-2HnD to replace my aging and unreliable Netgear router. I have not done anything advanced with it yet; I just set an SSID and password and connected to it. Everything is working without issue, except that I am having problems connecting to my server (which is on the WiFi network) from any other machine.

The server is at 192.168.88.253, and I have set a static IP for it in the router's DHCP leases. If I try to ping it after connecting to the network on my laptop:
However, I can ping other devices with no issue, for example, my phone:
The same thing happens if I try to ping it from another device, such as my phone. However, I have found that if I first ping in the other direction, from the server to the laptop or other device, this fixes the problem, and I can then ping from the other device to the server. Here is the result of pinging the server from my laptop after pinging the laptop from the server:
It will continue to work until my laptop (or other device) is disconnected from the network. Upon connecting again, it is not able to ping the server.

Now, this may be an issue with the router, but considering I have no problems pinging between other devices on the network, I think there must be something misconfigured on the router side. I've never seen anything like this before, and I'm at a loss for what could be causing it. As I mentioned, the server's DHCP lease is static, but the same behavior occurs when it is dynamic.

More information: the server uses Network Manager, specifically nmcli from the command line. I have tried clearing /etc/NetworkManager/system-connections and changing the network SSID and password. It is running Slackware64-14.2. I can provide any other information as needed.

I should clarify, the server is definitely connected to the network, and it appears on the web interface for the router. The problem seems to be that no other devices on the network can see it until they have been pinged by it.

If you assign the server's mac address/ip in the router's dhcpd and set the server to use dhcp what happens?

Your router has some more advanced capabilities and your reported issue looks to me as an ARP table (update) issue:
https://wiki.mikrotik.com/wiki/Manua...ocol_operation
- check on the router if the ARP table contains info about your Slackware system

Additionally, try arp -a on your Slackware system and check if you have the router (gateway IP) in the table.
To enforce a static ARP entry on your Slackware system, in your case the router GW MAC address, try:
- substitute Router_GW_IP with the router GW IP and xx:xx:xx:xx:xx:xx with the router MAC (LAN/Wifi)

Extra:
Make sure that on the Slackware system you have the networking configured correctly (WiFi iface IP, GW, default route and no conflicting-with-your-actual-new-setup firewall restriction or static ARP records).

Check if your Slackware system / router SW has no other internal ARP unresolved issues, like:
https://www.linuxquestions.org/quest...7/#post5776741

P.S. If unsatisfied with your actual router SW, you might want to take a look at OpenWRT and the newly developed LEDE port/fork and "pour" it into your router ;)
https://wiki.openwrt.org/toh/mikrotik/rb951g_2hnd
https://forum.lede-project.org/t/ins...51ui-2hnd/3751

Personally, I really like OpenWRT, stable, advanced, flexible and fast.

Thanks for the suggestions. I haven't gotten to try them yet, but I wanted to add that apparently this problem is not limited to the server, but also my wife's MacBook. My phone and laptop have no trouble reaching each other, though. Also, all the connected devices show up in the arp table on the router, but the MacBook and the server don't appear when I run arp -a on my laptop. My Android phone does. So yes, it's definitely an arp issue.

You can try to look what's going on at the ARP level and investigate more by using tcpdump on your Slackware system (+ router & other systems where you have the ability):
INTERFACE = wlan0 (or whatever name it has)

On OpenWRT/LEDE, besides a lot of nice features, there are 3 major configuration possibilities that are really helpful and not many of-the-shelf routers support them:
1. you have the possibility to use your own iptables rules sets
2. you can disable the forwarding on the (pseudo)LAN-Bridge, isolating LAN clients and only discretionary forward ports between them
3. you can remove the WiFi from the LAN bridge:
https://wiki.openwrt.org/doc/recipes/routedap

Do you mean instead of using NetworkManager? NetworkManager is already using dhcp to get an IP from the router.

I checked arp -a on the server, and it already lists the correct router gateway and MAC address, so I don't think that's the problem.

This went a little over my head, but the server has nothing other than the default set in iptables:

Here is the output of the route command. I notice that there are two entries for 192.168.88.0. Could that be a problem? On my laptop there is only one (with Metric = 600).

Regarding the thread you linked, are you suggesting I run those ARP flux mitigation commands, or is there something I should check first to know if it's needed? Sorry, I'm still a bit of a n00b when it comes to networking.

Here is some output of tcpdump on the server during the time when I was trying to ping it from my laptop.

Looks like it is only communicating with the router.

I will keep that in mind. On my old router, I installed DD-WRT, but RouterOS (that the MikroTik runs) is obviously way more capable than I am, and I would expect it to work better than anything else on MikroTik hardware. I think this must be a problem with my router setup somewhere. I've posted on the MikroTik forums too, so hopefully I can work this out without switching to a completely different firmware.

- this is wrong and I'm not sure which is to blame - router for providing crap over DHCP or your Slackware Server having maybe a manual leftover wlan0 adapter definition.
But then you stated that you have another MacBook that is experiencing the same behavior like your Slackware server. In this case it's only the router playing crazy.
Check on your router for any potential mistakes in the LAN Network/NetworkMask definition, LAN Default Gateway IP - which should be 192.168.88.1 and the IP for your Slackware System in the DHCP reservation fields.

Try to setup your Slackware box with static IP (disable DHCP) and on the router disable the IP reservation you've made for your Slackware system - the router should accept that the client has a static IP already configured. See if you get a normal routing table and check again the connectivity with ping.

Extra, could you please use instead of the old route command (just cosmetics and a better representation):

- just check the vales of those variables, instead of echo 1 > /proc/sys/something... run: cat /proc/sys/something and see if the returning value is 1/0 (ON/OFF). But that is just for the router (since your Slackware box is only connected through WiFi - doesn't have multiple adapters on the same LAN) and I was just speculating - I hope that the ones that have built your router were knowledgeable enough to get it configured properly.


If I were you, I would edit the post in which you pasted your real MAC addresses and delete / change them, juts for the sake of your privacy ;)

Actually, seems I was wrong about the MacBook. It doesn't appear in arp -a until I ping it, but I think that's normal. I actually don't have a problem pinging it.

Well, I'm having trouble getting a static IP to work with wireless. I will have to try later. Anyway, after restarting NetworkManager, the duplicate line in the routing table is gone. (IP address changed because I decided to try a different static DCHP lease, just to see if changing it made a difference.)

But the problem persists.

Thanks for the tip. I have edited it. I'm afraid I have to give up for today. Hopefully tomorrow will be less frustrating. :(

- 192.168.88.10 is the IP the router assigned to your Slackware host (interface wlan0) over DHCP, which is different from 192.168.88.253 and is obviously not what you expected/configured
- check on the router to see if the DHCP pool (maybe is divided between Ethernet and WiFi) is covering all the address space up to 254 - for example: 192.168.88.10-192.168.88.254 I don't know anything about RouterOS.
- I'm afraid I cannot help you with NetworkManager but only with basic Linux commands (I'm not even installing the NetworkManager package) and I'm also ending my LQ "addiction" for today ... busy


P.S. It's not the best practice to configure a server through DHCP. I'm usually defining the IP Address reservation together with the MAC in the router DHCP table and use static IP definition on the host. The host won't send any DHCP requests and the router will only keep the IP Address reserved and allow the host (IP & MAC match) once is up and communicating. Everybody's happy!

Actually, it is what I configured. I purposely changed it in the router just to see if it would make a difference. Upon disconnecting and reconnecting the server to the network, 192.168.88.10 is the new IP address, but it still can't be pinged from other devices in the LAN (except for the router itself, or if the server first pings the other device).

Yes, it seems to be.

Well, I really appreciate your help. Have a good one.

Always happy to help! You should have a good one (lecture) too:
https://wiki.mikrotik.com/wiki/Manual:IP/ARP

- as a workaround, before you switch to LEDE :) - > check ARP Mode on the router and eventually define a static ARP record for the Slackware server - put that static arp definition in a boot script somewhere (if possible) to survive a router reboot.

Me out! ;)

Thanks. I will try this next. I think from reading the docs that I now know how to set up a static IP on wireless using rc.inet1.conf and wpa_supplicant. I will also try a static ARP.