On Wed, Jan 22, 2014 at 01:37:18PM -0700, Matt Larsen - Lists wrote:
> This does not fix the problem.
>
> The router with the public IP address sees the private IP as an IP that
> is on its external interface. I believe this is due to the src-nat
> that does nat for our 10.0.0.0/8 subnets - neighboring router has an IP
> of 10.16.0.2/24.
I suspect your NAT rule is too inclusive. Can you show it to us? I suspect
you have something like:
You may just need to add a
add chain=srcnat action=accept src-address=10.16.0.0/24
before your
add action=src-nat chain=srcnat src-address=10.0.0.0/8 to-addresses={WAN_IP}
rule.
> I have not been having much luck with OSPF filters. I have another
> segment on my network where I need to filter out 172.16.0.0/16 routes,
> but the OSPF filters will not stop those routes from propagating.
>
> Matt Larsen
> mlar...@vistabeam.com
>
> On 1/22/2014 11:51 AM, Grand Avenue Broadband wrote:
> > If the problem is just that the public address occasionally sneaks through,
> > you could establish an ospf-in filter to filter out that public network.
> > If the problem is that the private address never shows up in OSPF, then
> > that would just be masking the symptom and not solving the problem.
> >
> > On Jan 22, 2014, at 11:46 AM, Matt Larsen - Lists <li...@manageisp.com>
> > wrote:
> >
> >> I have come across an issue in a couple of places where a router that is
> >> running src-nat and ospf barfs on OSPF because the source IP address for
> >> the OSPF requests going across the private interface keeps coming up as a
> >> public IP address.
> >>
> >> I end up getting the message "Received packet from an unknown network"
> >> over and over again. Is there a good way to prevent this from happening?
> >> My guess is that setting up some IP Mangle rules that direct all traffic
> >> out the public interface that matches the public network specification
> >> will do the trick. Any ideas?
> >>
> >> Matt Larsen
> >> vistabeam.com
> >> _______________________________________________
> >> Mikrotik mailing list
> >> Mikrotik@mail.butchevans.com
> >> http://mail.butchevans.com/mailman/listinfo/mikrotik
> >>
> >> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> >> RouterOS
> > _______________________________________________
> > Mikrotik mailing list
> > Mikrotik@mail.butchevans.com
> > http://mail.butchevans.com/mailman/listinfo/mikrotik
> >
> > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
> >
>
> _______________________________________________
> Mikrotik mailing list
> Mikrotik@mail.butchevans.com
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
--
Scott Lambert KC5MLE Unix SysAdmin
lamb...@lambertfam.org
How to be a "computer expert," http://www.xkcd.com/627/
_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
