Re: [AFMUG] routing to/from 169.254.0.0

[Matt Jenkins via Af]

eoip tunnel....


Matthew Jenkins
SmarterBroadband
m...@sbbinc.net
530.272.4000

On 09/23/2014 01:57 PM, Bill Prince via Af wrote:

Thanks Paul,

This was actually a PTP650 (not Canopy). These don't enable telnet by default, so telnet wasn't an option from the beginning.

I had hoped that I could just plug the thing into the router in the closet, then do the setup from my office. However, the best I could do was ping to the PTP650, but I never got any packets coming back.

We don't have any bridges on this MT. I tried dstnat, srcnat, and netmap, but for reasons I can't explain it didn't work.

Finally resigned myself with just plugging in directly.

Oh well...

bp

On 9/23/2014 11:42 AM, Paul Conlin via Af wrote:

It looks like you have the rule right, Bill. Not sure what the problem is. Is the rule processing any packets / moving any bytes? You can ping 169.254.1.1 from the MT? And this port is not part of a bridge? Maybe verify there are no manual routes sending traffic the wrong way? Maybe a masquerade rule changing addresses?

Another way of doing this is to use ‘action=netmap’ instead of ‘dstnat’. Try the port mapping variant next I guess.

You shouldn’t need to SRCNAT the return traffic since that connection was opened by the DSTNAT. If you need the SM to be able to instigate packets to the PC, you might need to create the “mirror image” with SRCNAT going the other way but otherwise not needed.

I don’t think telnet is the least complicated way… once you get this DSTNAT way working. Due to Canopy’s poor implementation of telnet commands you sometimes need GUI access to do certain things. Eliminates the need to learn/memorize the telnet syntax.

PC

Blaze Broadband

*From:*Af [mailto:af-bounces+pconlin=blazebroadband....@afmug.com] *On Behalf Of *Mike Hammett via Af

*Sent:* Tuesday, September 23, 2014 2:18 PM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] routing to/from 169.254.0.0

When you're accessing an IP address on another subnet and the gateway isn't properly set, you need to use SRCNAT and DSTNAT.

Someone earlier said to set the 169.254.x.x IP on the MT and to then telnet from the MT. That's the least complicated way.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>

------------------------------------------------------------------------

*From: *"Bill Prince via Af" <af@afmug.com <mailto:af@afmug.com>>
*To: *af@afmug.com <mailto:af@afmug.com>
*Sent: *Tuesday, September 23, 2014 1:13:44 PM
*Subject: *Re: [AFMUG] routing to/from 169.254.0.0

For some reason, that's not working either.

Got the PTP650 on ether9  on the MT.  Ether9 gets IP 169.254.1.3/16.

I created a reachable address on the local interface (192.168.222.199).

Then I added the dst-nat:

/ip firewall nat add chain=dstnat action=dst-nat dst-address=192.168.222.199 to-address=169.254.1.1

I ping the 192.168.222.199 address from a PC on the local network, but nothing happens. Torching the port on the MT shows nothing happening on any IP on that port (except discovery).

bp

On 9/23/2014 10:18 AM, Paul Conlin via Af wrote:

    OMG Bill. You *have* to learn how to DST-NAT.  Great for
    programming Canopy radios and best get-me-out-of-this-jam rescue
    trick EVVVER. Access any device on any MT router anywhere—even
    when not routable.  No VPN required.  No need for Telnet tunneling.

    First put the SM on a MT interface and assign 169.254.1.2/16

    Two variants to pick from:

    Add a new [reachable_address] on the MT that you don't need for
    anything else then:

    /ip fire nat add chain=dstnat action=dst-nat
    dst-address=[reachable_address] to-address=169.254.1.1

    Then http://[reachable_address] to get to the SM

    Or use an existing MT address and map from an unused port like this:

    /ip fire nat add chain=dstnat action=dst-nat
    dst-address=[reachable_address] dst-port=8169
    to-address=169.254.1.1 to-port=80

    Then http://[reachable_address]:8169 to get  to the SM

    PC

    Blaze Broadband

    > -----Original Message-----

    > From: Af
    [mailto:af-bounces+pconlin=blazebroadband....@afmug.com] On Behalf

    > Of Bill Prince via Af

    > Sent: Tuesday, September 23, 2014 12:44 PM

    > To: af@afmug.com <mailto:af@afmug.com>

    > Subject: Re: [AFMUG] routing to/from 169.254.0.0

    >

    > I think netmap will do what I need.  I "think" I can netmap the

    > 169.254.1.1 IP address to an unused IP on my local network.  Not
    sure how netmap

    > actually works, but I'll give it a rip.

    >

    > bp

    >

    > On 9/23/2014 9:11 AM, Bill Prince via Af wrote:

    > > Doesn't work if I change the MT address to 169.254.1.3/24 either.

    > > Packets go out, but don't come back.

    > >

    > > bp

    > >

    > > On 9/23/2014 9:05 AM, Larry Smith via Af wrote:

    > >> On Tue September 23 2014 10:58, Bill Prince via Af wrote:

    > >>> Is there a way to route to/from a Cambium radio that is on the

    > >>> default IP (169.254.1.1) through a Mikrotik?  I think the
    issue is

    > >>> that the default configuration does not have a gateway.  So it

    > >>> doesn't know the way back.

    > >>>

    > >>> I put the interface on the MT on 169.254.1.3/16, but don't get

    > >>> replies unless I go directly from the MT.

    > >> Believe the Cambium default is 169.254.1.1/24 (255.255.255.0
    netmask)

    > >> and your /16 (255.255.0.0) is broadcasting on the wrong
    address for

    > >> the radio to "see" you.

    > >>

    > >

    > >