And either delete or enable/disable the NAT rule to see if it has a problem.

On 6/13/2012 7:04 PM, Jeromie Reeves wrote:
No, it should not be required. I run my entire network on privates and
only put publics where I need them. You have something fishy with the
config. Do you have 10.100.0.1 on the upstream router? If so, get rid of
the 207.235.20.16 IP and keep the 10.100.0.2 then default route over
those for 0.0.0.0/0 and 207.235.23.0/26. Should work fine. If not, you
still have something wrong in the config. I find it best to delete the
default config even if disabled.

On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherling<tyfeatherl...@gmail.com>  wrote:
Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have
207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I
have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop
with 207.235.23.3 connected to RB ether2 can get online now.

Is a public necessary on the outbound interface of the RB in order to get
online? I take it that it is and that is why it hasn't worked til now.

-Ty

On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling<tyfeatherl...@gmail.com> wrote:

That is what I thought but when I look I see:

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=\
    ether1-gateway

Is it just a bug and is somehow stuck in NAT even though disabled?

Another example - when I ping from my machine behind the router the
failure is "Reply from 10.100.0.2: Destination host unreachable."

-Ty


On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed<sr...@nwwnet.net>  wrote:

The router with address 10.100.0.2 is doing NAT.  That is the only way I
can see that you can have that address as the source on your outbound
traffic.


On 6/13/2012 2:43 PM, Ty Featherling wrote:

Okay, after putting out fires for a few days I am back at looking at this
issue. What I have found is that traffic from me on the 207.235.23.0/26
subnet is leaving ether1 on the RB like it should but as a result is
leaving AS 10.100.0.2. Since that is a private address it is not routable
beyond my edge. That makes sense. I replaced the private IPs between the
two routers with public addresses and while I do have connectivity with
the world that way, it is only because I am routed as the new public IP
assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my
thinking or explain what SHOULD be happening here?

-Ty

On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherling<tyfeatherl...@gmail.com> wrote:
After checking routes that was the first thing I checked. I'm still baffled.

-Ty
On Jun 6, 2012 8:34 PM, "Blake Covarrubias"<bl...@beamspeed.com> wrote:

  /ip firewall nat, to be precise. Otherwise, no.
--
Blake Covarrubias

On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote:

  Would it be somewhere other than ip firewall?
-Ty
On Jun 6, 2012 5:44 PM, "Butch Evans"<but...@butchevans.com>    wrote:

  On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote:
I am trying to route my first tower with mikrotik. I have a private /30
setup between my edge router and ether1 of the RB. I have a private /24
setup for an ap and its cpe on ether2. I have a subnet of public addresses
to use for clients of this AP and the gateway for those is set as an
address on ether2 as well. Default route is the gateway for ether1 which
is our edge router. There is a route on the edge router routing that
subnet of publics back to the ether1 address of the RB. This all sounds
right to me.

This all sounds correct to me.  From a connected device on the lan side
(the 207.235.23.0/26 block), you are able to ping everything inside your
network, but not beyond that?  I'd double-check to ensure there is NOT a
NAT rule in place on the MT that is causing this issue.

--
********************************************************************
* Butch Evans                * Professional Network Consultation   *
* http://www.butchevans.com/ * Network Engineering                 *
* http://store.wispgear.net/ * Wired or Wireless Networks          *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
*          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
********************************************************************



_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

--
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration



Mikrotik Advanced Certified

www.nwwnet.net
(765) 855-1060
(765) 439-4253
(855) 231-6239
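
The check the replies keep returning to, whether a source NAT rule is really active on the outbound interface, can be run against a saved `/ip firewall nat` export, including rules that the export wraps across lines. This is an added example, not part of any poster's message; the second rule, the `/ip route` line and the interface name `ether2-local` in the sample are constructed.

```python
import shlex

# Constructed sample in RouterOS export form. The first rule is the one quoted
# in the thread; the second rule and the route line are made up for contrast.
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    disabled=yes out-interface=\
    ether1-gateway
add action=masquerade chain=srcnat out-interface=ether2-local
/ip route
add dst-address=0.0.0.0/0 gateway=10.100.0.1
'''

def join_continuations(text):
    """Merge export lines ending in a backslash with the line that follows."""
    merged, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            merged.append(buf + line)
            buf = ""
    return merged + ([buf] if buf else [])

def parse_nat_rules(text):
    """Return one dict of key=value properties per rule under /ip firewall nat."""
    rules, section = [], None
    for line in join_continuations(text):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall nat" and line.startswith("add "):
            parts = (tok.partition("=") for tok in shlex.split(line[4:]))
            rules.append({key: value for key, _, value in parts})
    return rules

def active_source_nat(rules, out_interface=None):
    """Rules that rewrite the source address and are not disabled."""
    hits = []
    for rule in rules:
        rewrites = rule.get("chain") == "srcnat" and rule.get("action") in ("masquerade", "src-nat")
        enabled = rule.get("disabled", "no") != "yes"
        # A rule without out-interface matches traffic leaving any interface.
        on_iface = out_interface is None or rule.get("out-interface", out_interface) == out_interface
        if rewrites and enabled and on_iface:
            hits.append(rule)
    return hits

if __name__ == "__main__":
    for rule in active_source_nat(parse_nat_rules(SAMPLE_EXPORT), "ether1-gateway"):
        print("active source NAT:", rule)
```

An empty result for the outbound interface means no enabled srcnat rule in the export explains a rewritten source address on that interface.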