if I wanted to block just the network on the pptp connection what would I put I tried everything I can think of... best guess is
/routing filter add action=discard chain=ospf-in disabled=no \ prefix=172.16.0.2/32 Im just not grabbing how it works correctly ---------------------------------------- From: "Butch Evans" <but...@butchevans.com> Sent: Wednesday, November 24, 2010 2:57 PM To: "Mikrotik discussions" <mikrotik@mail.butchevans.com> Subject: Re: [Mikrotik] OSPF over PPtP link On Wed, 2010-11-24 at 09:23 -0600, John Babineaux wrote: > I know there is a way to propagate OSPF over the link or atleast not shut > off that side of the network. John, I was supposed to send this to you directly, but here is even better. Here are the steps. First, assume the following network (forgive the poor ascii artwork): pvt 10.0.0.0/16 (RTR1)12.12.12.12<-->13.13.13.13(RTR2) pvt 10.1.0.0/16 I am assuming that both RTR1 and RTR2 are sharing OSPF with the rest of their private lan segments and have redistribute-default turned on (which is the source of your problem). We will first build a tunnel between RTR1 and RTR2 and assign IP space as follows: RTR1 is the "server" and has the user secret for RTR2 set with local-address as 172.16.0.1 and remote-address as 172.16.0.2, which means that if you look at RTR1 ip addresses (when the tunnel is connected), you will see: IP: 172.16.0.1 BROADCAST: 172.16.0.2 On RTR2, you will see: IP: 172.16.0.2 BROADCAST: 172.16.0.1 On RTR1, you need to add the broadcast address as a "network" in OSPF like this: /routing ospf network add network=172.16.0.2 area=backbone RTR2 would have: /routing ospf network add network=172.16.0.1 area=backbone The problem is that these 2 routers would share routes that you do NOT want to see. SO, you can just filter the routes you will insert from OSPF on these 2 routers like this: /routing filter add action=accept chain=ospf-in comment="Allow 10.x" disabled=no \ prefix=10.0.0.0/8 prefix-length=8-32 add action=discard chain=ospf-in disabled=no invert-match=no These rules would cause OSPF to ONLY accept routes in the 10.x.x.x range from ANY router in the OSPF network. You would, of course, add the specific network ranges that you want to accept from either side. Your filter may (or may not) be different on the two routers. While this is not a 100% tutorial, hopefully, it will be enough to get you going. -- ******************************************************************** * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * ******************************************************************** _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20110214/2d4d6df1/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
