I have public IPs, the 10.0.4.0 network is my OSPF backbone network. I'm not trying to go out with those addresses. What I've put down as yyy.yyy.yyy.0/24 signifies my new public IPs.
I'm using one of the new public IPs right now, but I had to attach it to the riverstone (which holds the default gateway to our ISP).

-Paul

On Feb 11, 2010, at 10:12 AM, Dennis Burgess wrote:

> NAT. your 10.x is privates, you may need to nat them out.
>
> -----------------------------------------------------------
> Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270 Website: http://www.linktechs.net
> LIVE On-Line Mikrotik Training - Author of "Learn RouterOS"
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Paul Gerstenberger
> Sent: Thursday, February 11, 2010 11:56 AM
> To: WISPA General List
> Subject: Re: [WISPA] Routing Help [Default Route to OSPF]
>
> I have the new network permitted in my ingress and egress ACLs for our outbound interface. I've also tried using a smaller subnet of IPs from a different pool that we've been using for years. And I briefly disabled the ACLs altogether to test.
>
> And when I attach this network direct to the riverstone, everything works. That's why I thought it was an internal routing misconfiguration.
>
> -Paul
>
> On Feb 11, 2010, at 9:47 AM, Data Technology wrote:
>
>> Could it be a firewall rule?
>>
>>
>> Paul Gerstenberger wrote:
>>> Same story, I disabled OSPF on both devices (but both are still on the 10.0.4.0 network) put this route in the riverstone:
>>>
>>> ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3
>>>
>>> and this in the mikrotik:
>>>
>>> ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty sure, I did it from WinBox)
>>>
>>> Again, I can ping out to all local resources off the riverstone, but I time out when trying to get outside, but I can ping into those publics from an external network.
>>>
>>> MacBook-Pro:~ pgerst$ traceroute 4.2.2.1
>>> traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets
>>>  1  yyy.yyy.yyy.1 (yyy.yyy.yyy.1)  0.673 ms  0.132 ms  0.165 ms
>>>  2  10.0.4.1 (10.0.4.1)  0.406 ms  0.365 ms  0.358 ms
>>>  3  * * *
>>>
>>> -Paul
>>>
>>> On Feb 11, 2010, at 3:57 AM, Bret Clark wrote:
>>>
>>>> Paul Gerstenberger wrote:
>>>>
>>>>> There are a number of blackhole routes and ACL lines for unallocated IPs, that's why it's so long. Probably overkill.
>>>>>
>>>>> I'm not running NAT on the mikrotik, but I'm planning doing so with some of these IPs.
>>>>>
>>>>> [ad...@mikrotik] > /routing ospf export
>>>>> # feb/11/2010 05:34:32 by RouterOS 4.5
>>>>> # software id = QQQQ-QQQQ
>>>>> #
>>>>> /routing ospf instance
>>>>> set default comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 \
>>>>>     metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
>>>>>     name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 \
>>>>>     redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=10.0.4.3
>>>>> /routing ospf area
>>>>> set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=backbone type=default
>>>>> /routing ospf interface
>>>>> add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 \
>>>>>     dead-interval=40s disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway \
>>>>>     network-type=broadcast passive=no priority=1 retransmit-interval=5s transmit-delay=1s \
>>>>>     use-bfd=no
>>>>> /routing ospf network
>>>>> add area=backbone comment="" disabled=no network=10.0.4.0/27
>>>>>
>>>>>
>>>>>
>>>>> Here are the relevant routes:
>>>>>
>>>>> RS-1# ip show routes
>>>>>
>>>>> Destination          Gateway             Owner     Netif
>>>>> -----------          -------             -----     -----
>>>>> default              ZZZ.ZZZ.ZZZ.25      Static    HREC-EIA
>>>>> 10.0.4.0/27          directly connected  -         WISP-201
>>>>> YYY.YYY.YYY.0/24     10.0.4.3            OSPF_ASE  WISP-201
>>>>> XXX.XXX.XXX.24/30    directly connected  -         HREC-EIA
>>>>>
>>>>> [ad...@mikrotik] > ip route print
>>>>>
>>>>> Flags: X - disabled, A - active, D - dynamic,
>>>>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
>>>>> B - blackhole, U - unreachable, P - prohibit
>>>>>
>>>>>  #      DST-ADDRESS        PREF-SRC       GATEWAY         DISTANCE
>>>>>  0 ADo  0.0.0.0/0          -              10.0.4.1        110
>>>>>  2 ADC  10.0.4.0/27        10.0.4.3       ether1-gateway  0
>>>>> 30 ADC  yyy.yyy.yyy.0/24   zzz.zzz.zzz.1  ether2-local    0
>>>>> 44 ADo  xxx.xxx.xxx.24/30  -              10.0.4.1        110
>>>>>
>>>>> -Paul
>>>>>
>>>>>
>>>> Strange...everything looks right to me. Routing tables are as I would expect. You don't happen to have any ACL's being applied to the interface that the Mikrotik is attached to? What happens if you eliminate using OSPF for now and just setup the configuration using static routes? Does it work then?
>>>>
>>>>
>>>> --------------------------------------------------------------------------------
>>>> WISPA Wants You! Join today!
>>>> http://signup.wispa.org/
>>>> --------------------------------------------------------------------------------
>>>>
>>>> WISPA Wireless List: wireless@wispa.org
>>>>
>>>> Subscribe/Unsubscribe:
>>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>>
>>>> Archives: http://lists.wispa.org/pipermail/wireless/