I woke up today to having problems between my internal networks and one of my DNS servers. It ended up being a NAT problem.
I think I got it. Half of the problem was the same I was having yesterday... pings when everything should be working weren't going through. Well, on one computer. For some reason the computer learns a certain route to a destination and maintains that no matter what.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

----- Original Message -----
From: "Mike Hammett" <butch-mikro...@ics-il.net>
To: "Mikrotik discussions" <mikrotik@mail.butchevans.com>
Sent: Sunday, September 2, 2012 5:55:20 PM
Subject: [Mikrotik] *&^$#%*&^%$

Hopefully that subject made it past your SPAM filters, but that's how I feel. I did so much in rage, chances are, I caused my own problems throughout the day.

I had my main switch fail this morning. It had VLANs mapped for all kinds of stuff (about 15 - 20 VLANs). Of course no one open had a 48 port managed GigE switch. I set out to reconfigure existing stuff to work. The RB250GS is an absolute pain in the ass. I don't know why I even have them. They couldn't handle a complex VLAN setup to save their lives.

I got everything online after several hours through my RB1200, which had to be reconfigured in many areas so that everything would work. I split the important VLANs off to their own interfaces to reduce the configuration load on my RB250GS.

I'm doing traceroutes and pings to make sure all services and devices are up and running. I notice something odd in my pings out to the net. Traffic goes through, but pings have a redirect error. I had to figure out why. I fixed it by breaking a bridge that I had on my 1200, which broke the Internet service altogether. I ended up fixing it by changing some NAT rules. Well, for the internal traffic. Servers on public IPs never missed a beat once I got rid of that redirect error.

I had one hell of a time coming to this conclusion because traceroutes and pings were not consistent. I have no default route on my internal, private IP range, only on my public IPs.
Traceroutes out to an off-net public IP would head out my router through my internal network and end up failing. If there is no default route pointing to a given IP address, why did traffic go there? I was under the assumption that if there were no default route in that OSPF area, traffic would just die.

Once I figured out that my NAT rules were to blame (they weren't matching correctly after the changed interfaces), I solved that problem. However, traceroutes to two different off-net public IPs would take two different routes. One would go the correct direction, while the other would continue to go down the private IP path. Of course most of the day I had been testing to the one that now wasn't working. How? God only knows how many times in my testing the service could possibly have been working just fine, but my computer had decided to go down the old path still.

I may have missed some things, but I'm tired of typing it all out, so I'm done for now. :-p

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS