Could it be a firewall rule?
Paul Gerstenberger wrote: > Same story, I disabled OSPF on both devices (but both are still on the > 10.0.4.0 network) put this route in the riverstone: > > ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3 > > and this in the mikrotik: > > ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty sure, I > did it from WinBox) > > Again, I can ping out to all local resources off the riverstone, but I time > out when trying to get outside, but I can ping into those publics from an > external network. > > MacBook-Pro:~ pgerst$ traceroute 4.2.2.1 > traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets > 1 yyy.yyy.yyy.1 (yyy.yyy.yyy.1) 0.673 ms 0.132 ms 0.165 ms > 2 10.0.4.1 (10.0.4.1) 0.406 ms 0.365 ms 0.358 ms > 3 * * * > > -Paul > > On Feb 11, 2010, at 3:57 AM, Bret Clark wrote: > > >> Paul Gerstenberger wrote: >> >>> There are a number of blackhole routes and ACL lines for unallocated IPs, >>> that's why it's so long. Probably overkill. >>> >>> I'm not running NAT on the mikrotik, but I'm planning doing so with some of >>> these IPs. >>> >>> [ad...@mikrotik] > /routing ospf export >>> # feb/11/2010 05:34:32 by RouterOS 4.5 >>> # software id = QQQQ-QQQQ >>> # >>> /routing ospf instance >>> set default comment="" disabled=no distribute-default=never >>> in-filter=ospf-in metric-bgp=20 \ >>> metric-connected=20 metric-default=1 metric-other-ospf=auto >>> metric-rip=20 metric-static=20 \ >>> name=default out-filter=ospf-out redistribute-bgp=no >>> redistribute-connected=as-type-1 \ >>> redistribute-other-ospf=no redistribute-rip=no redistribute-static=no >>> router-id=10.0.4.3 >>> /routing ospf area >>> set backbone area-id=0.0.0.0 comment="" disabled=no instance=default >>> name=backbone type=default >>> /routing ospf interface >>> add authentication=none authentication-key="" authentication-key-id=1 >>> comment="" cost=10 \ >>> dead-interval=40s disabled=no hello-interval=10s instance-id=0 >>> interface=ether1-gateway \ >>> network-type=broadcast passive=no priority=1 retransmit-interval=5s >>> transmit-delay=1s \ >>> use-bfd=no >>> /routing ospf network >>> add area=backbone comment="" disabled=no network=10.0.4.0/27 >>> >>> >>> >>> Here are the relevant routes: >>> >>> RS-1# ip show routes >>> >>> Destination Gateway Owner Netif >>> ----------- ------- ----- ----- >>> default ZZZ.ZZZ.ZZZ.25 Static HREC-EIA >>> 10.0.4.0/27 directly connected - WISP-201 >>> YYY.YYY.YYY.0/24 10.0.4.3 OSPF_ASE WISP-201 >>> XXX.XXX.XXX.24/30 directly connected - HREC-EIA >>> >>> [ad...@mikrotik] > ip route print >>> >>> Flags: X - disabled, A - active, D - dynamic, >>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, >>> B - blackhole, U - unreachable, P - prohibit >>> >>> # DST-ADDRESS PREF-SRC GATEWAY DISTANCE >>> 0 ADo 0.0.0.0/0 - 10.0.4.1 110 >>> 2 ADC 10.0.4.0/27 10.0.4.3 ether1-gateway 0 >>> 30 ADC yyy.yyy.yyy.0/24 zzz.zzz.zzz.1 ether2-local 0 >>> 44 ADo xxx.xxx.xxx.24/30 - 10.0.4.1 110 >>> >>> -Paul >>> >>> >> Strange...everything looks right to me. Routing tables are as I would >> expect. You don't happen to have any ACL's being applied to the >> interface that the Mikrotik is attached too? What happen if you >> eliminate using OSPF for now and just setup the configuration using >> static routes? Does it work then? >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: [email protected] >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
