You said that you have one of the public ip's assigned to the riverstone. That might be causing the problem. What netmask did you use on the riverstone for the public ip? If you used a /24 then the riverstone thinks that whole subnet is attached to it and is probably ignoring the routing for the /24 back to the MT.
Bret Clark wrote: > At this point I think I would just port mirror on a port on the > Riverstone and see what Wireshark is showing. I see nothing wrong with > the routing statements and I know it works as we have a fair number of > Mikrotiks running with RS3000's and RS8000's using OSPF's. > > > On Thu, 2010-02-11 at 10:20 -0800, Paul Gerstenberger wrote: > > >> I have public IPs, the 10.0.4.0 network is my OSPF backbone network. I'm not >> trying to go out with those addresses. What I've put down as >> yyy.yyy.yyy.0/24 signifies my new public IPs. >> >> I'm using one of the new public IPs right now, but I had to attach it to the >> riverstone (which holds the default gateway to our ISP). >> >> -Paul >> >> On Feb 11, 2010, at 10:12 AM, Dennis Burgess wrote: >> >> >>> NAT. your 10.x is privates, you may need to nat them out. >>> >>> ----------------------------------------------------------- >>> Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, >>> MTCTCE, MTCUME >>> Link Technologies, Inc -- Mikrotik & WISP Support Services >>> Office: 314-735-0270 Website: http://www.linktechs.net >>> LIVE On-Line Mikrotik Training - Author of "Learn RouterOS" >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On >>> Behalf Of Paul Gerstenberger >>> Sent: Thursday, February 11, 2010 11:56 AM >>> To: WISPA General List >>> Subject: Re: [WISPA] Routing Help [Default Route to OSPF] >>> >>> I have the new network permitted in my ingress and egress ACLs for our >>> outbound interface. I've also tried using a smaller subnet of IPs from a >>> different pool that we've been using for years. And I briefly disabled >>> the ACLs altogether to test. >>> >>> And when I attach this network direct to the riverstone, everything >>> works. That's why I though it was an internal routing misconfiguration. >>> >>> -Paul >>> >>> On Feb 11, 2010, at 9:47 AM, Data Technology wrote: >>> >>> >>>> Could it be a firewall rule? >>>> >>>> >>>> Paul Gerstenberger wrote: >>>> >>>>> Same story, I disabled OSPF on both devices (but both are still on >>>>> >>> the 10.0.4.0 network) put this route in the riverstone: >>> >>>>> ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3 >>>>> >>>>> and this in the mikrotik: >>>>> >>>>> ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty >>>>> >>> sure, I did it from WinBox) >>> >>>>> Again, I can ping out to all local resources off the riverstone, but >>>>> >>> I time out when trying to get outside, but I can ping into those publics >>> from an external network. >>> >>>>> MacBook-Pro:~ pgerst$ traceroute 4.2.2.1 >>>>> traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets >>>>> 1 yyy.yyy.yyy.1 (yyy.yyy.yyy.1) 0.673 ms 0.132 ms 0.165 ms >>>>> 2 10.0.4.1 (10.0.4.1) 0.406 ms 0.365 ms 0.358 ms >>>>> 3 * * * >>>>> >>>>> -Paul >>>>> >>>>> On Feb 11, 2010, at 3:57 AM, Bret Clark wrote: >>>>> >>>>> >>>>> >>>>>> Paul Gerstenberger wrote: >>>>>> >>>>>> >>>>>>> There are a number of blackhole routes and ACL lines for >>>>>>> >>> unallocated IPs, that's why it's so long. Probably overkill. >>> >>>>>>> I'm not running NAT on the mikrotik, but I'm planning doing so with >>>>>>> >>> some of these IPs. >>> >>>>>>> [ad...@mikrotik] > /routing ospf export >>>>>>> # feb/11/2010 05:34:32 by RouterOS 4.5 >>>>>>> # software id = QQQQ-QQQQ >>>>>>> # >>>>>>> /routing ospf instance >>>>>>> set default comment="" disabled=no distribute-default=never >>>>>>> >>> in-filter=ospf-in metric-bgp=20 \ >>> >>>>>>> metric-connected=20 metric-default=1 metric-other-ospf=auto >>>>>>> >>> metric-rip=20 metric-static=20 \ >>> >>>>>>> name=default out-filter=ospf-out redistribute-bgp=no >>>>>>> >>> redistribute-connected=as-type-1 \ >>> >>>>>>> redistribute-other-ospf=no redistribute-rip=no >>>>>>> >>> redistribute-static=no router-id=10.0.4.3 >>> >>>>>>> /routing ospf area >>>>>>> set backbone area-id=0.0.0.0 comment="" disabled=no >>>>>>> >>> instance=default name=backbone type=default >>> >>>>>>> /routing ospf interface >>>>>>> add authentication=none authentication-key="" >>>>>>> >>> authentication-key-id=1 comment="" cost=10 \ >>> >>>>>>> dead-interval=40s disabled=no hello-interval=10s instance-id=0 >>>>>>> >>> interface=ether1-gateway \ >>> >>>>>>> network-type=broadcast passive=no priority=1 >>>>>>> >>> retransmit-interval=5s transmit-delay=1s \ >>> >>>>>>> use-bfd=no >>>>>>> /routing ospf network >>>>>>> add area=backbone comment="" disabled=no network=10.0.4.0/27 >>>>>>> >>>>>>> >>>>>>> >>>>>>> Here are the relevant routes: >>>>>>> >>>>>>> RS-1# ip show routes >>>>>>> >>>>>>> Destination Gateway Owner Netif >>>>>>> ----------- ------- ----- ----- >>>>>>> default ZZZ.ZZZ.ZZZ.25 Static HREC-EIA >>>>>>> 10.0.4.0/27 directly connected - WISP-201 >>>>>>> YYY.YYY.YYY.0/24 10.0.4.3 OSPF_ASE WISP-201 >>>>>>> >>>>>>> XXX.XXX.XXX.24/30 directly connected - HREC-EIA >>>>>>> >>>>>>> [ad...@mikrotik] > ip route print >>>>>>> >>>>>>> Flags: X - disabled, A - active, D - dynamic, >>>>>>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, >>>>>>> B - blackhole, U - unreachable, P - prohibit >>>>>>> >>>>>>> # DST-ADDRESS PREF-SRC GATEWAY >>>>>>> >>> DISTANCE >>> >>>>>>> 0 ADo 0.0.0.0/0 - 10.0.4.1 110 >>>>>>> >>>>>>> 2 ADC 10.0.4.0/27 10.0.4.3 ether1-gateway 0 >>>>>>> >>>>>>> 30 ADC yyy.yyy.yyy.0/24 zzz.zzz.zzz.1 ether2-local >>>>>>> >>> 0 >>> >>>>>>> 44 ADo xxx.xxx.xxx.24/30 - 10.0.4.1 110 >>>>>>> >>>>>>> -Paul >>>>>>> >>>>>>> >>>>>>> >>>>>> Strange...everything looks right to me. Routing tables are as I >>>>>> >>> would >>> >>>>>> expect. You don't happen to have any ACL's being applied to the >>>>>> interface that the Mikrotik is attached too? What happen if you >>>>>> eliminate using OSPF for now and just setup the configuration using >>>>>> static routes? Does it work then? >>>>>> >>>>>> >>>>>> >>>>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>>>> WISPA Wants You! Join today! >>>>>> http://signup.wispa.org/ >>>>>> >>>>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>>>> WISPA Wireless List: [email protected] >>>>>> >>>>>> Subscribe/Unsubscribe: >>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>> >>>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>>> >>>>>> >>>>> >>>>> >>>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>>> WISPA Wants You! Join today! >>>>> http://signup.wispa.org/ >>>>> >>>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>>> WISPA Wireless List: [email protected] >>>>> >>>>> Subscribe/Unsubscribe: >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>> >>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>> WISPA Wants You! Join today! >>>> http://signup.wispa.org/ >>>> >>>> >>> ------------------------------------------------------------------------ >>> -------- >>> >>>> WISPA Wireless List: [email protected] >>>> >>>> Subscribe/Unsubscribe: >>>> http://lists.wispa.org/mailman/listinfo/wireless >>>> >>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>> >>> >>> ------------------------------------------------------------------------ >>> -------- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> ------------------------------------------------------------------------ >>> -------- >>> >>> WISPA Wireless List: [email protected] >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> >>> -------------------------------------------------------------------------------- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -------------------------------------------------------------------------------- >>> >>> WISPA Wireless List: [email protected] >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: [email protected] >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
