I have tried all of them 32, 24-32, 24 I have a class c I would block Sent from my iPhone
On Feb 14, 2011, at 5:42 PM, Scott Reed <sr...@nwwnet.net> wrote: > I don't know if it is the problem, but you do not have the prefix-length > clause. > > On 2/14/2011 5:05 PM, John Babineaux wrote: >> if I wanted to block just the network on the pptp connection what would I >> put I tried everything I can think of... >> best guess is >> >> /routing filter >> add action=discard chain=ospf-in disabled=no \ >> prefix=172.16.0.2/32 >> >> Im just not grabbing how it works correctly >> >> ---------------------------------------- >> >> From: "Butch Evans"<but...@butchevans.com> >> Sent: Wednesday, November 24, 2010 2:57 PM >> To: "Mikrotik discussions"<mikrotik@mail.butchevans.com> >> Subject: Re: [Mikrotik] OSPF over PPtP link >> >> On Wed, 2010-11-24 at 09:23 -0600, John Babineaux wrote: >>> I know there is a way to propagate OSPF over the link or atleast not shut >>> off that side of the network. >> John, >> I was supposed to send this to you directly, but here is even better. >> Here are the steps. First, assume the following network (forgive the >> poor ascii artwork): >> >> pvt 10.0.0.0/16 (RTR1)12.12.12.12<-->13.13.13.13(RTR2) pvt 10.1.0.0/16 >> >> I am assuming that both RTR1 and RTR2 are sharing OSPF with the rest of >> their private lan segments and have redistribute-default turned on >> (which is the source of your problem). We will first build a tunnel >> between RTR1 and RTR2 and assign IP space as follows: >> >> RTR1 is the "server" and has the user secret for RTR2 set with >> local-address as 172.16.0.1 and remote-address as 172.16.0.2, which >> means that if you look at RTR1 ip addresses (when the tunnel is >> connected), you will see: >> >> IP: 172.16.0.1 BROADCAST: 172.16.0.2 >> >> On RTR2, you will see: >> IP: 172.16.0.2 BROADCAST: 172.16.0.1 >> >> On RTR1, you need to add the broadcast address as a "network" in OSPF >> like this: >> >> /routing ospf network >> add network=172.16.0.2 area=backbone >> >> RTR2 would have: >> /routing ospf network >> add network=172.16.0.1 area=backbone >> >> The problem is that these 2 routers would share routes that you do NOT >> want to see. SO, you can just filter the routes you will insert from >> OSPF on these 2 routers like this: >> >> /routing filter >> add action=accept chain=ospf-in comment="Allow 10.x" disabled=no \ >> prefix=10.0.0.0/8 prefix-length=8-32 >> add action=discard chain=ospf-in disabled=no invert-match=no >> >> These rules would cause OSPF to ONLY accept routes in the 10.x.x.x range >> from ANY router in the OSPF network. You would, of course, add the >> specific network ranges that you want to accept from either side. Your >> filter may (or may not) be different on the two routers. >> >> While this is not a 100% tutorial, hopefully, it will be enough to get >> you going. >> > > -- > Scott Reed > Owner > NewWays Networking, LLC > Wireless Networking > Network Design, Installation and Administration > Mikrotik Advanced Certified > www.nwwnet.net > (765) 855-1060 > > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
