At this point I think I would just port mirror on a port on the Riverstone and see what Wireshark is showing. I see nothing wrong with the routing statements and I know it works as we have a fair number of Mikrotiks running with RS3000's and RS8000's using OSPF's.

On Thu, 2010-02-11 at 10:20 -0800, Paul Gerstenberger wrote:
> I have public IPs, the 10.0.4.0 network is my OSPF backbone network. I'm not
> trying to go out with those addresses. What I've put down as yyy.yyy.yyy.0/24
> signifies my new public IPs.
>
> I'm using one of the new public IPs right now, but I had to attach it to the
> riverstone (which holds the default gateway to our ISP).
>
> -Paul
>
> On Feb 11, 2010, at 10:12 AM, Dennis Burgess wrote:
>
> > NAT. Your 10.x is privates, you may need to nat them out.
> >
> > -----------------------------------------------------------
> > Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
> > MTCTCE, MTCUME
> > Link Technologies, Inc -- Mikrotik & WISP Support Services
> > Office: 314-735-0270 Website: http://www.linktechs.net
> > LIVE On-Line Mikrotik Training - Author of "Learn RouterOS"
> >
> > -----Original Message-----
> > From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
> > Behalf Of Paul Gerstenberger
> > Sent: Thursday, February 11, 2010 11:56 AM
> > To: WISPA General List
> > Subject: Re: [WISPA] Routing Help [Default Route to OSPF]
> >
> > I have the new network permitted in my ingress and egress ACLs for our
> > outbound interface. I've also tried using a smaller subnet of IPs from a
> > different pool that we've been using for years. And I briefly disabled
> > the ACLs altogether to test.
> >
> > And when I attach this network direct to the riverstone, everything
> > works. That's why I thought it was an internal routing misconfiguration.
> >
> > -Paul
> >
> > On Feb 11, 2010, at 9:47 AM, Data Technology wrote:
> >
> >> Could it be a firewall rule?
> >>
> >>
> >> Paul Gerstenberger wrote:
> >>> Same story, I disabled OSPF on both devices (but both are still on
> >>> the 10.0.4.0 network) put this route in the riverstone:
> >>>
> >>> ip add route yyy.yyy.yyyy.0/24 gateway 10.0.4.3
> >>>
> >>> and this in the mikrotik:
> >>>
> >>> ip route add dst-address=0.0.0.0/0 gateway=10.0.4.1 (pretty
> >>> sure, I did it from WinBox)
> >>>
> >>> Again, I can ping out to all local resources off the riverstone, but
> >>> I time out when trying to get outside, but I can ping into those publics
> >>> from an external network.
> >>>
> >>> MacBook-Pro:~ pgerst$ traceroute 4.2.2.1
> >>> traceroute to 4.2.2.1 (4.2.2.1), 64 hops max, 52 byte packets
> >>>  1  yyy.yyy.yyy.1 (yyy.yyy.yyy.1)  0.673 ms  0.132 ms  0.165 ms
> >>>  2  10.0.4.1 (10.0.4.1)  0.406 ms  0.365 ms  0.358 ms
> >>>  3  * * *
> >>>
> >>> -Paul
> >>>
> >>> On Feb 11, 2010, at 3:57 AM, Bret Clark wrote:
> >>>
> >>>
> >>>> Paul Gerstenberger wrote:
> >>>>
> >>>>> There are a number of blackhole routes and ACL lines for
> >>>>> unallocated IPs, that's why it's so long. Probably overkill.
> >>>>>
> >>>>> I'm not running NAT on the mikrotik, but I'm planning on doing so with
> >>>>> some of these IPs.
> >>>>>
> >>>>> [ad...@mikrotik] > /routing ospf export
> >>>>> # feb/11/2010 05:34:32 by RouterOS 4.5
> >>>>> # software id = QQQQ-QQQQ
> >>>>> #
> >>>>> /routing ospf instance
> >>>>> set default comment="" disabled=no distribute-default=never in-filter=ospf-in metric-bgp=20 \
> >>>>>     metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
> >>>>>     name=default out-filter=ospf-out redistribute-bgp=no redistribute-connected=as-type-1 \
> >>>>>     redistribute-other-ospf=no redistribute-rip=no redistribute-static=no router-id=10.0.4.3
> >>>>> /routing ospf area
> >>>>> set backbone area-id=0.0.0.0 comment="" disabled=no instance=default name=backbone type=default
> >>>>> /routing ospf interface
> >>>>> add authentication=none authentication-key="" authentication-key-id=1 comment="" cost=10 \
> >>>>>     dead-interval=40s disabled=no hello-interval=10s instance-id=0 interface=ether1-gateway \
> >>>>>     network-type=broadcast passive=no priority=1 retransmit-interval=5s transmit-delay=1s \
> >>>>>     use-bfd=no
> >>>>> /routing ospf network
> >>>>> add area=backbone comment="" disabled=no network=10.0.4.0/27
> >>>>>
> >>>>>
> >>>>>
> >>>>> Here are the relevant routes:
> >>>>>
> >>>>> RS-1# ip show routes
> >>>>>
> >>>>> Destination          Gateway             Owner     Netif
> >>>>> -----------          -------             -----     -----
> >>>>> default              ZZZ.ZZZ.ZZZ.25      Static    HREC-EIA
> >>>>> 10.0.4.0/27          directly connected  -         WISP-201
> >>>>> YYY.YYY.YYY.0/24     10.0.4.3            OSPF_ASE  WISP-201
> >>>>> XXX.XXX.XXX.24/30    directly connected  -         HREC-EIA
> >>>>>
> >>>>> [ad...@mikrotik] > ip route print
> >>>>>
> >>>>> Flags: X - disabled, A - active, D - dynamic,
> >>>>> C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
> >>>>> B - blackhole, U - unreachable, P - prohibit
> >>>>>
> >>>>>  #      DST-ADDRESS         PREF-SRC        GATEWAY          DISTANCE
> >>>>>  0 ADo  0.0.0.0/0                           10.0.4.1         110
> >>>>>  2 ADC  10.0.4.0/27         10.0.4.3        ether1-gateway   0
> >>>>> 30 ADC  yyy.yyy.yyy.0/24    zzz.zzz.zzz.1   ether2-local     0
> >>>>> 44 ADo  xxx.xxx.xxx.24/30                   10.0.4.1         110
> >>>>>
> >>>>> -Paul
> >>>>>
> >>>>>
> >>>> Strange...everything looks right to me. Routing tables are as I would
> >>>> expect. You don't happen to have any ACLs being applied to the
> >>>> interface that the Mikrotik is attached to? What happens if you
> >>>> eliminate using OSPF for now and just set up the configuration using
> >>>> static routes? Does it work then?
> >>>>
> >>>>
> >>>>
> >>>> --------------------------------------------------------------------------------
> >>>> WISPA Wants You! Join today!
> >>>> http://signup.wispa.org/
> >>>> --------------------------------------------------------------------------------
> >>>>
> >>>> WISPA Wireless List: wireless@wispa.org
> >>>>
> >>>> Subscribe/Unsubscribe:
> >>>> http://lists.wispa.org/mailman/listinfo/wireless
> >>>>
> >>>> Archives: http://lists.wispa.org/pipermail/wireless/