Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have 207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop with 207.235.23.3 connected to RB ether2 can get online now.
Is a public necessary on the outbound interface of the RB in order to get online? I take it that it is and that is why it hasn't worked til now. -Ty On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling <tyfeatherl...@gmail.com>wrote: > That is what I thought but when I look I see: > > /ip firewall nat > add action=masquerade chain=srcnat comment="default configuration" > disabled=yes out-interface=\ > ether1-gateway > > Is it just a bug and is somehow stuck in NAT even though disabled? > > Another example - when I ping from my machine behind the router the > failure is "Reply from 10.100.0.2: Destination host unreachable." > > -Ty > > > On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed <sr...@nwwnet.net> wrote: > >> The router with address 10.100.0.2 is doing NAT. That is the only way I >> can see that you can have that address as the source on your outbound >> traffic. >> >> >> On 6/13/2012 2:43 PM, Ty Featherling wrote: >> >>> Okay, after putting out fires for a few days I am back at looking at this >>> issue. What I have found is that traffic from me on the >>> 207.235.23.0/26subnet is leaving ether1 on the RB like it should but >>> >>> as a result is >>> leaving AS 10.100.0.2. Since that is a private address it is not routable >>> beyond my edge. That makes sense. I replaced the private ips between the >>> two routers with public addresses and while I do have connectivity with >>> the >>> world that way, it is only because I am routed as the new public IP >>> assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my >>> thinking or explain what SHOULD be happening here? >>> >>> -Ty >>> >>> On Wed, Jun 6, 2012 at 9:02 PM, Ty >>> Featherling<tyfeatherling@**gmail.com<tyfeatherl...@gmail.com> >>> >wrote: >>> >>> After checking routes that was the first thing I checked. I'm still >>>> baffled. >>>> >>>> -Ty >>>> On Jun 6, 2012 8:34 PM, "Blake >>>> Covarrubias"<blake@beamspeed.**com<bl...@beamspeed.com>> >>>> wrote: >>>> >>>> /ip firewall nat, to be precise. Otherwise, no. >>>>> >>>>> -- >>>>> Blake Covarrubias >>>>> >>>>> On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote: >>>>> >>>>> Would it be somewhere other than ip firewall? >>>>>> >>>>>> -Ty >>>>>> On Jun 6, 2012 5:44 PM, "Butch Evans"<but...@butchevans.com> wrote: >>>>>> >>>>>> On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote: >>>>>>> >>>>>>>> I am trying to route my first tower with mikrotik. I have a private >>>>>>>> >>>>>>> /30 >>>>> >>>>>> setup between my edge router and ether1 of the RB. I have a private >>>>>>>> >>>>>>> /24 >>>>> >>>>>> setup for an ap and it's cpe on ether2. I have a subnet of public >>>>>>>> >>>>>>> addresses >>>>>>> >>>>>>>> to use for clients of this AP and the gateway for those is set as an >>>>>>>> address on ether2 as well. Default route is the gateway for ether1 >>>>>>>> >>>>>>> which >>>>> >>>>>> is >>>>>>> >>>>>>>> our edge router. There is a route on the edge router routing that >>>>>>>> >>>>>>> subnet >>>>> >>>>>> of >>>>>>> >>>>>>>> publics back to the ether1 address of the RB. This all sounds right >>>>>>>> to >>>>>>>> >>>>>>> me. >>>>>>> >>>>>>> >>>>>>> This all sounds correct to me. From a connected device on the lan >>>>>>> side >>>>>>> (the 207.235.23.0/26 block), you are able to ping everything inside >>>>>>> >>>>>> your >>>>> >>>>>> network, but not beyond that? I'd doublecheck to ensure there is NOT >>>>>>> a >>>>>>> NAT rule in place on the MT that is causing this issue. >>>>>>> >>>>>>> -- >>>>>>> **************************************************************** >>>>>>> ******** >>>>>>> * Butch Evans * Professional Network Consultation * >>>>>>> * http://www.butchevans.com/ * Network Engineering * >>>>>>> * http://store.wispgear.net/ * Wired or Wireless Networks * >>>>>>> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * >>>>>>> * NOTE THE NEW PHONE NUMBER: 702-537-0979 * >>>>>>> **************************************************************** >>>>>>> ******** >>>>>>> >>>>>>> >>>>>>> >>>>>>> ______________________________**_________________ >>>>>>> Mikrotik mailing list >>>>>>> Mikrotik@mail.butchevans.com >>>>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>>>>>> >>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>>> RouterOS >>>>>>> >>>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL:< >>>>>> >>>>> http://www.butchevans.com/**pipermail/mikrotik/** >>>>> attachments/20120606/477593d7/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20120606/477593d7/attachment.html> >>>>> >>>>>> ______________________________**_________________ >>>>>> Mikrotik mailing list >>>>>> Mikrotik@mail.butchevans.com >>>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>>>>> >>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>>> >>>>> RouterOS >>>>> >>>>> ______________________________**_________________ >>>>> Mikrotik mailing list >>>>> Mikrotik@mail.butchevans.com >>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>>>> >>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>>>> RouterOS >>>>> >>>>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL:<http://www.butchevans.**com/pipermail/mikrotik/** >>> attachments/20120613/330c7e92/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20120613/330c7e92/attachment.html> >>> > >>> >>> ______________________________**_________________ >>> Mikrotik mailing list >>> Mikrotik@mail.butchevans.com >>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >>> >>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >>> RouterOS >>> >>> >>> ----- >>> No virus found in this message. >>> Checked by AVG - www.avg.com >>> Version: 2012.0.2178 / Virus Database: 2433/5065 - Release Date: 06/12/12 >>> >>> >>> >> -- >> Scott Reed >> Owner >> NewWays Networking, LLC >> Wireless Networking >> Network Design, Installation and Administration >> >> >> >> Mikrotik Advanced Certified >> >> www.nwwnet.net >> (765) 855-1060 >> (765) 439-4253 >> (855) 231-6239 >> >> >> ______________________________**_________________ >> Mikrotik mailing list >> Mikrotik@mail.butchevans.com >> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik> >> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik >> RouterOS >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20120613/e6e1a8ee/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS