I just added the network to the riverstone this morning to double-check its outbound connectivity; it was not attached to both riverstone and the mikrotik at the same time.
-Paul

On Feb 11, 2010, at 11:19 AM, Data Technology wrote:

> You said that you have one of the public ip's assigned to the
> riverstone. That might be causing the problem. What netmask did you
> use on the riverstone for the public ip? If you used a /24 then the
> riverstone thinks that whole subnet is attached to it and is probably
> ignoring the routing for the /24 back to the MT.
>
> Bret Clark wrote:
>> At this point I think I would just port mirror on a port on the
>> Riverstone and see what Wireshark is showing. I see nothing wrong with
>> the routing statements and I know it works as we have a fair number of
>> Mikrotiks running with RS3000's and RS8000's using OSPF's.
>>
>> On Thu, 2010-02-11 at 10:20 -0800, Paul Gerstenberger wrote:
>>
>>> I have public IPs, the 10.0.4.0 network is my OSPF backbone network. I'm
>>> not trying to go out with those addresses. What I've put down as
>>> yyy.yyy.yyy.0/24 signifies my new public IPs.
>>>
>>> I'm using one of the new public IPs right now, but I had to attach it to
>>> the riverstone (which holds the default gateway to our ISP).
>>>
>>> -Paul
>>>
>>> On Feb 11, 2010, at 10:12 AM, Dennis Burgess wrote:
>>>
>>>> NAT. your 10.x is privates, you may need to nat them out.
>>>>
>>>> -----------------------------------------------------------
>>>> Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
>>>> MTCTCE, MTCUME
>>>> Link Technologies, Inc -- Mikrotik & WISP Support Services
>>>> Office: 314-735-0270 Website: http://www.linktechs.net
>>>> LIVE On-Line Mikrotik Training - Author of "Learn RouterOS"
>>>>
>>>> -----Original Message-----
>>>> From: [email protected] [mailto:[email protected]] On
>>>> Behalf Of Paul Gerstenberger
>>>> Sent: Thursday, February 11, 2010 11:56 AM
>>>> To: WISPA General List
>>>> Subject: Re: [WISPA] Routing Help [Default Route to OSPF]
>>>>
>>>> I have the new network permitted in my ingress and egress ACLs for our
>>>> outbound interface. I've also tried using a smaller subnet of IPs from a
>>>> different pool that we've been using for years. And I briefly disabled
>>>> the ACLs altogether to test.
>>>>
>>>> And when I attach this network direct to the riverstone, everything
>>>> works. That's why I thought it was an internal routing misconfiguration.
>>>>
>>>> -Paul
>>>>
>>>> On Feb 11, 2010, at 9:47 AM, Data Technology wrote:
>>>>
>>>>> Could it be a firewall rule?
>>>>>
>>>>> Paul Gerstenberger wrote:
>>>>>
>>>>>> Same story, I disabled OSPF on both devices (but both are still on
>>>>>> the 10.0.4.0 network) put this route in the riverstone:
>>>>>>
>>>>>> ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3
>>>>>>
>>>>>> and this in the mikrotik:
>>>>>>
>>>>>> ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty
>>>>>> sure, I did it from WinBox)
>>>>>>
>>>>>> Again, I can ping out to all local resources off the riverstone, but
>>>>>> I time out when trying to get outside, but I can ping into those publics
>>>>>> from an external network.
>>>>>>
>>>>>> MacBook-Pro:~ pgerst$ traceroute 4.2.2.1
>>>>>> traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets
>>>>>>  1  yyy.yyy.yyy.1 (yyy.yyy.yyy.1)  0.673 ms  0.132 ms  0.165 ms
>>>>>>  2  10.0.4.1 (10.0.4.1)  0.406 ms  0.365 ms  0.358 ms
>>>>>>  3  * * *
>>>>>>
>>>>>> -Paul
>>>>>>
>>>>>> On Feb 11, 2010, at 3:57 AM, Bret Clark wrote:
>>>>>>
>>>>>>> Paul Gerstenberger wrote:
>>>>>>>
>>>>>>>> There are a number of blackhole routes and ACL lines for
>>>>>>>> unallocated IPs, that's why it's so long. Probably overkill.
>>>>>>>>
>>>>>>>> I'm not running NAT on the mikrotik, but I'm planning on doing so with
>>>>>>>> some of these IPs.
>>>>>>>>
>>>>>>>> [ad...@mikrotik] > /routing ospf export
>>>>>>>> # feb/11/2010 05:34:32 by RouterOS 4.5
>>>>>>>> # software id = QQQQ-QQQQ
>>>>>>>> #
>>>>>>>> /routing ospf instance
>>>>>>>> set default comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 \
>>>>>>>>     metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
>>>>>>>>     name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 \
>>>>>>>>     redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=10.0.4.3
>>>>>>>> /routing ospf area
>>>>>>>> set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=backbone type=default
>>>>>>>> /routing ospf interface
>>>>>>>> add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 \
>>>>>>>>     dead-interval=40s disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway \
>>>>>>>>     network-type=broadcast passive=no priority=1 retransmit-interval=5s transmit-delay=1s \
>>>>>>>>     use-bfd=no
>>>>>>>> /routing ospf network
>>>>>>>> add area=backbone comment="" disabled=no network=10.0.4.0/27
>>>>>>>>
>>>>>>>> Here are the relevant routes:
>>>>>>>>
>>>>>>>> RS-1# ip show routes
>>>>>>>>
>>>>>>>> Destination        Gateway             Owner     Netif
>>>>>>>> -----------        -------             -----     -----
>>>>>>>> default            ZZZ.ZZZ.ZZZ.25      Static    HREC-EIA
>>>>>>>> 10.0.4.0/27        directly connected  -         WISP-201
>>>>>>>> YYY.YYY.YYY.0/24   10.0.4.3            OSPF_ASE  WISP-201
>>>>>>>> XXX.XXX.XXX.24/30  directly connected  -         HREC-EIA
>>>>>>>>
>>>>>>>> [ad...@mikrotik] > ip route print
>>>>>>>>
>>>>>>>> Flags: X - disabled, A - active, D - dynamic,
>>>>>>>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
>>>>>>>> B - blackhole, U - unreachable, P - prohibit
>>>>>>>>
>>>>>>>>  #      DST-ADDRESS        PREF-SRC       GATEWAY         DISTANCE
>>>>>>>>  0 ADo  0.0.0.0/0          -              10.0.4.1        110
>>>>>>>>  2 ADC  10.0.4.0/27        10.0.4.3       ether1-gateway  0
>>>>>>>> 30 ADC  yyy.yyy.yyy.0/24   zzz.zzz.zzz.1  ether2-local    0
>>>>>>>> 44 ADo  xxx.xxx.xxx.24/30  -              10.0.4.1        110
>>>>>>>>
>>>>>>>> -Paul
>>>>>>>>
>>>>>>> Strange...everything looks right to me. Routing tables are as I would
>>>>>>> expect. You don't happen to have any ACL's being applied to the
>>>>>>> interface that the Mikrotik is attached to? What happens if you
>>>>>>> eliminate using OSPF for now and just setup the configuration using
>>>>>>> static routes? Does it work then?
>>>>>>>
>>>>>>> --------------------------------------------------------------------------------
>>>>>>> WISPA Wants You! Join today!
>>>>>>> http://signup.wispa.org/
>>>>>>> --------------------------------------------------------------------------------
>>>>>>>
>>>>>>> WISPA Wireless List: [email protected]
>>>>>>>
>>>>>>> Subscribe/Unsubscribe:
>>>>>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>>>>>
>>>>>>> Archives: http://lists.wispa.org/pipermail/wireless/
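
The netmask question raised in the thread, worked through as an added example that is not part of any poster's message: a longest-prefix-match lookup over the Riverstone table as posted, then with the public block also configured on the Riverstone as a /24 and, going one step beyond the thread, as a /30. Assumptions: the documentation prefixes 203.0.113.0/24 and 198.51.100.25 stand in for the masked yyy.yyy.yyy.0/24 and ZZZ.ZZZ.ZZZ.25, and the preference ranking (connected before static before OSPF external) is constructed for illustration, not taken from the Riverstone.

```python
import ipaddress

# Lower value wins when two routes share the same prefix length.
# Constructed ranking (assumption): the thread does not give the
# Riverstone's real preference numbers.
PREFERENCE = {"connected": 0, "static": 1, "ospf_ase": 2}


def route(prefix, owner, next_hop):
    """Build one routing-table entry."""
    return (ipaddress.ip_network(prefix), owner, next_hop)


def lookup(table, dst):
    """Return (owner, next_hop): longest prefix first, then preference."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r[0]]
    if not candidates:
        return None
    best = min(candidates, key=lambda r: (-r[0].prefixlen, PREFERENCE[r[1]]))
    return best[1], best[2]


# Riverstone table as posted, with placeholder addresses substituted.
BASE = [
    route("0.0.0.0/0", "static", "198.51.100.25"),
    route("10.0.4.0/27", "connected", "on-link"),
    route("203.0.113.0/24", "ospf_ase", "10.0.4.3"),
]
# Same table with a public address configured on the Riverstone itself.
WITH_SLASH24 = BASE + [route("203.0.113.0/24", "connected", "on-link")]
WITH_SLASH30 = BASE + [route("203.0.113.252/30", "connected", "on-link")]

CUSTOMER = "203.0.113.50"  # constructed host behind the MikroTik

if __name__ == "__main__":
    for name, table in [("as posted", BASE),
                        ("/24 on Riverstone", WITH_SLASH24),
                        ("/30 on Riverstone", WITH_SLASH30)]:
        print(f"{name:20} -> {lookup(table, CUSTOMER)}")
```

With the /24 on the Riverstone, return traffic for the customer host is treated as on-link and never reaches 10.0.4.3; with a /30, only the four addresses in that block are claimed locally and the rest still follow the OSPF route.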
