NAT. Your 10.x is private, you may need to NAT them out.

-----------------------------------------------------------
Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270
Website: http://www.linktechs.net
LIVE On-Line Mikrotik Training - Author of "Learn RouterOS"

-----Original Message-----
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Paul Gerstenberger
Sent: Thursday, February 11, 2010 11:56 AM
To: WISPA General List
Subject: Re: [WISPA] Routing Help [Default Route to OSPF]

I have the new network permitted in my ingress and egress ACLs for our outbound interface. I've also tried using a smaller subnet of IPs from a different pool that we've been using for years. And I briefly disabled the ACLs altogether to test. And when I attach this network direct to the riverstone, everything works. That's why I thought it was an internal routing misconfiguration.

-Paul

On Feb 11, 2010, at 9:47 AM, Data Technology wrote:

> Could it be a firewall rule?
>
> Paul Gerstenberger wrote:
>> Same story, I disabled OSPF on both devices (but both are still on the 10.0.4.0 network) put this route in the riverstone:
>>
>> ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3
>>
>> and this in the mikrotik:
>>
>> ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty sure, I did it from WinBox)
>>
>> Again, I can ping out to all local resources off the riverstone, but I time out when trying to get outside, but I can ping into those publics from an external network.
>>
>> MacBook-Pro:~ pgerst$ traceroute 4.2.2.1
>> traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets
>>  1  yyy.yyy.yyy.1 (yyy.yyy.yyy.1)  0.673 ms  0.132 ms  0.165 ms
>>  2  10.0.4.1 (10.0.4.1)  0.406 ms  0.365 ms  0.358 ms
>>  3  * * *
>>
>> -Paul
>>
>> On Feb 11, 2010, at 3:57 AM, Bret Clark wrote:
>>
>>> Paul Gerstenberger wrote:
>>>
>>>> There are a number of blackhole routes and ACL lines for unallocated IPs, that's why it's so long. Probably overkill.
>>>>
>>>> I'm not running NAT on the mikrotik, but I'm planning on doing so with some of these IPs.
>>>>
>>>> [ad...@mikrotik] > /routing ospf export
>>>> # feb/11/2010 05:34:32 by RouterOS 4.5
>>>> # software id = QQQQ-QQQQ
>>>> #
>>>> /routing ospf instance
>>>> set default comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 \
>>>>     metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
>>>>     name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 \
>>>>     redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=10.0.4.3
>>>> /routing ospf area
>>>> set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=backbone type=default
>>>> /routing ospf interface
>>>> add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 \
>>>>     dead-interval=40s disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway \
>>>>     network-type=broadcast passive=no priority=1 retransmit-interval=5s transmit-delay=1s \
>>>>     use-bfd=no
>>>> /routing ospf network
>>>> add area=backbone comment="" disabled=no network=10.0.4.0/27
>>>>
>>>> Here are the relevant routes:
>>>>
>>>> RS-1# ip show routes
>>>>
>>>> Destination         Gateway             Owner     Netif
>>>> -----------         -------             -----     -----
>>>> default             ZZZ.ZZZ.ZZZ.25      Static    HREC-EIA
>>>> 10.0.4.0/27         directly connected  -         WISP-201
>>>> YYY.YYY.YYY.0/24    10.0.4.3            OSPF_ASE  WISP-201
>>>> XXX.XXX.XXX.24/30   directly connected  -         HREC-EIA
>>>>
>>>> [ad...@mikrotik] > ip route print
>>>>
>>>> Flags: X - disabled, A - active, D - dynamic,
>>>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
>>>> B - blackhole, U - unreachable, P - prohibit
>>>>
>>>>  #      DST-ADDRESS         PREF-SRC        GATEWAY         DISTANCE
>>>>  0 ADo  0.0.0.0/0           -               10.0.4.1        110
>>>>  2 ADC  10.0.4.0/27         10.0.4.3        ether1-gateway  0
>>>> 30 ADC  yyy.yyy.yyy.0/24    zzz.zzz.zzz.1   ether2-local    0
>>>> 44 ADo  xxx.xxx.xxx.24/30   -               10.0.4.1        110
>>>>
>>>> -Paul
>>>>
>>> Strange...everything looks right to me.
>>> Routing tables are as I would
>>> expect. You don't happen to have any ACLs being applied to the
>>> interface that the Mikrotik is attached to? What happens if you
>>> eliminate using OSPF for now and just set up the configuration using
>>> static routes? Does it work then?
>>>
>>> --------------------------------------------------------------------------------
>>> WISPA Wants You! Join today!
>>> http://signup.wispa.org/
>>> --------------------------------------------------------------------------------
>>>
>>> WISPA Wireless List: wireless@wispa.org
>>>
>>> Subscribe/Unsubscribe:
>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>
>>> Archives: http://lists.wispa.org/pipermail/wireless/
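
Added example, not part of the original thread or written by any of its participants: a small Python check that reads a traceroute like the one quoted above, reports where replies stop, and flags hops that answer from RFC 1918 space, which is the observation behind the NAT suggestion at the top. The sample output is constructed, with the documentation range 203.0.113.0/24 standing in for the masked public /24; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the traceroute in the thread; the masked
# public /24 is replaced by the documentation range 203.0.113.0/24.
SAMPLE = """\
traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets
 1  203.0.113.1 (203.0.113.1)  0.673 ms  0.132 ms  0.165 ms
 2  10.0.4.1 (10.0.4.1)  0.406 ms  0.365 ms  0.358 ms
 3  * * *
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop number> <rest>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"

def parse_hops(text):
    """Return [(hop_number, IPv4Address or None)]; None means no reply."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        addr = ADDR_RE.search(m.group(2))
        hops.append((int(m.group(1)),
                     ipaddress.ip_address(addr.group(1)) if addr else None))
    return hops

def is_rfc1918(addr):
    """True if addr falls in one of the three RFC 1918 private blocks."""
    return any(addr in net for net in RFC1918)

def summarize(text):
    """Report the last answering hop, the first silent hop and private hops."""
    hops = parse_hops(text)
    answered = [(n, a) for n, a in hops if a is not None]
    silent = [n for n, a in hops if a is None]
    last = answered[-1] if answered else None
    return {
        "last_hop": str(last[1]) if last else None,
        "last_hop_private": bool(last) and is_rfc1918(last[1]),
        "first_silent_hop": silent[0] if silent else None,
        "private_hops": [n for n, a in answered if is_rfc1918(a)],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```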