That is funky. Is it possible you did not have the network masks correct? I know MT will default to a /32 and Cisco to a class. Is it possible there are overlapping subnets someplace? That will kill routing in a hurry when using privates for links.

On Wed, Jun 13, 2012 at 4:15 PM, Ty Featherling <tyfeatherl...@gmail.com> wrote:
> I started out that way. Adding the publics is the only thing that has fixed
> it. I went ahead and deleted the NAT rule altogether but it made no
> difference. I will reset the config and re-setup tomorrow to see if that
> helps.
>
> -Ty
>
> On Wed, Jun 13, 2012 at 6:11 PM, Scott Reed <sr...@nwwnet.net> wrote:
>
>> And either delete or enable/disable the NAT rule to see if it has a
>> problem.
>>
>> On 6/13/2012 7:04 PM, Jeromie Reeves wrote:
>>
>>> No, it should not be required. I run my entire network on privates and
>>> only put publics where I need them. You have something fishy with the
>>> config. Do you have 10.100.0.1 on the upstream router? If so, get rid of
>>> the 207.235.20.16 IP and keep the 10.100.0.2 then default route over
>>> those for 0.0.0.0/0 and 207.235.23.0/26. Should work fine. If not, you
>>> still have something wrong in the config. I find it best to delete the
>>> default config even if disabled.
>>>
>>> On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherling <tyfeatherl...@gmail.com> wrote:
>>>
>>>> Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I
>>>> have 207.235.23.1/26 on ether2. I have default route to 207.235.20.1
>>>> (edge). I have return route from edge for 207.235.23.0/26 to
>>>> 10.100.0.2. My laptop with 207.235.23.3 connected to RB ether2 can get
>>>> online now.
>>>>
>>>> Is a public necessary on the outbound interface of the RB in order to
>>>> get online? I take it that it is and that is why it hasn't worked til
>>>> now.
>>>>
>>>> -Ty
>>>>
>>>> On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling <tyfeatherl...@gmail.com> wrote:
>>>>
>>>>> That is what I thought but when I look I see:
>>>>>
>>>>> /ip firewall nat
>>>>> add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=\
>>>>>     ether1-gateway
>>>>>
>>>>> Is it just a bug and is somehow stuck in NAT even though disabled?
>>>>>
>>>>> Another example - when I ping from my machine behind the router the
>>>>> failure is "Reply from 10.100.0.2: Destination host unreachable."
>>>>>
>>>>> -Ty
>>>>>
>>>>> On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed <sr...@nwwnet.net> wrote:
>>>>>
>>>>>> The router with address 10.100.0.2 is doing NAT. That is the only way
>>>>>> I can see that you can have that address as the source on your
>>>>>> outbound traffic.
>>>>>>
>>>>>> On 6/13/2012 2:43 PM, Ty Featherling wrote:
>>>>>>
>>>>>>> Okay, after putting out fires for a few days I am back at looking at
>>>>>>> this issue. What I have found is that traffic from me on the
>>>>>>> 207.235.23.0/26 subnet is leaving ether1 on the RB like it should but
>>>>>>> as a result is leaving AS 10.100.0.2. Since that is a private address
>>>>>>> it is not routable beyond my edge. That makes sense. I replaced the
>>>>>>> private IPs between the two routers with public addresses and while I
>>>>>>> do have connectivity with the world that way, it is only because I am
>>>>>>> routed as the new public IP assigned to the RB's ether1. NAT is NOT
>>>>>>> enabled. Can anyone verify my thinking or explain what SHOULD be
>>>>>>> happening here?
>>>>>>>
>>>>>>> -Ty
>>>>>>>
>>>>>>> On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherling <tyfeatherl...@gmail.com> wrote:
>>>>>>>
>>>>>>>> After checking routes that was the first thing I checked. I'm still
>>>>>>>> baffled.
>>>>>>>>
>>>>>>>> -Ty
>>>>>>>>
>>>>>>>> On Jun 6, 2012 8:34 PM, "Blake Covarrubias" <bl...@beamspeed.com> wrote:
>>>>>>>>
>>>>>>>>> /ip firewall nat, to be precise. Otherwise, no.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Blake Covarrubias
>>>>>>>>>
>>>>>>>>> On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote:
>>>>>>>>>
>>>>>>>>>> Would it be somewhere other than ip firewall?
>>>>>>>>>>
>>>>>>>>>> -Ty
>>>>>>>>>>
>>>>>>>>>> On Jun 6, 2012 5:44 PM, "Butch Evans" <but...@butchevans.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote:
>>>>>>>>>>>> I am trying to route my first tower with Mikrotik. I have a
>>>>>>>>>>>> private /30 setup between my edge router and ether1 of the RB.
>>>>>>>>>>>> I have a private /24 setup for an AP and its CPE on ether2. I
>>>>>>>>>>>> have a subnet of public addresses to use for clients of this AP
>>>>>>>>>>>> and the gateway for those is set as an address on ether2 as
>>>>>>>>>>>> well. Default route is the gateway for ether1 which is our edge
>>>>>>>>>>>> router. There is a route on the edge router routing that subnet
>>>>>>>>>>>> of publics back to the ether1 address of the RB. This all
>>>>>>>>>>>> sounds right to me.
>>>>>>>>>>>
>>>>>>>>>>> This all sounds correct to me. From a connected device on the LAN
>>>>>>>>>>> side (the 207.235.23.0/26 block), you are able to ping everything
>>>>>>>>>>> inside your network, but not beyond that? I'd double-check to
>>>>>>>>>>> ensure there is NOT a NAT rule in place on the MT that is causing
>>>>>>>>>>> this issue.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> ********************************************************************
>>>>>>>>>>> * Butch Evans                 * Professional Network Consultation  *
>>>>>>>>>>> * http://www.butchevans.com/  * Network Engineering                *
>>>>>>>>>>> * http://store.wispgear.net/  * Wired or Wireless Networks         *
>>>>>>>>>>> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
>>>>>>>>>>> * NOTE THE NEW PHONE NUMBER: 702-537-0979                          *
>>>>>>>>>>> ********************************************************************
>>>>>>
>>>>>> --
>>>>>> Scott Reed
>>>>>> Owner
>>>>>> NewWays Networking, LLC
>>>>>> Wireless Networking
>>>>>> Network Design, Installation and Administration
>>>>>>
>>>>>> Mikrotik Advanced Certified
>>>>>>
>>>>>> www.nwwnet.net
>>>>>> (765) 855-1060
>>>>>> (765) 439-4253
>>>>>> (855) 231-6239
>>
>> --
>> Scott Reed
>> Owner
>> NewWays Networking, LLC
>> Wireless Networking
>> Network Design, Installation and Administration
>>
>> Mikrotik Advanced Certified
>>
>> www.nwwnet.net
>> (765) 855-1060
>> (765) 439-4253
>> (855) 231-6239

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
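
Added example, not part of the original thread: a small Python audit of an address plan for the two faults the top reply asks about (an address entered without a mask, which ends up as a /32, and overlapping subnets), plus a check that each route's gateway sits on a connected subnet. The function name `audit`, the masks, and the 10.10.5.1 AP address are constructed for illustration; only 10.100.0.1, 10.100.0.2 and 207.235.23.1/26 come from the thread.

```python
import ipaddress

def audit(addresses, routes):
    """addresses: [(interface, 'ip[/prefix]')]; routes: [(dst, gateway)].
    Returns a list of findings; an empty list means the plan is consistent."""
    findings, ifaces = [], []
    for name, text in addresses:
        # A bare address parses as a host address (/32), the default the reply mentions.
        ifc = ipaddress.ip_interface(text)
        if ifc.network.prefixlen == ifc.network.max_prefixlen:
            findings.append(f"{name}: {ifc.ip} is a /32, no neighbour is on-link")
        ifaces.append((name, ifc))
    # Subnets on different interfaces must not overlap.
    for i, (name_a, a) in enumerate(ifaces):
        for name_b, b in ifaces[i + 1:]:
            if name_a != name_b and a.network.overlaps(b.network):
                findings.append(
                    f"overlap: {a.network} on {name_a} and {b.network} on {name_b}")
    # Each gateway must be inside a connected subnet and must not be our own address.
    for dst, gw in routes:
        gw_ip = ipaddress.ip_address(gw)
        if not any(gw_ip in ifc.network and gw_ip != ifc.ip for _, ifc in ifaces):
            findings.append(f"route {dst} via {gw}: gateway not on a connected subnet")
    return findings

# Constructed sample plans (masks and the 10.10.5.1 address are assumptions).
ROUTES = [("0.0.0.0/0", "10.100.0.1")]
MISSING_MASK = [("ether1", "10.100.0.2"),          # mask omitted
                ("ether2", "207.235.23.1/26"),
                ("ether2", "10.10.5.1/24")]
OVERLAPPING = [("ether1", "10.100.0.2/30"),
               ("ether2", "207.235.23.1/26"),
               ("ether2", "10.100.0.129/16")]      # AP range typed too wide
CLEAN = [("ether1", "10.100.0.2/30"),
         ("ether2", "207.235.23.1/26"),
         ("ether2", "10.10.5.1/24")]

if __name__ == "__main__":
    for label, plan in (("missing mask", MISSING_MASK),
                        ("overlapping", OVERLAPPING), ("clean", CLEAN)):
        print(label, audit(plan, ROUTES))
```
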