[Mikrotik] basic routing

Ty Featherling tyfeatherling at gmail.com
Wed Jun 13 16:15:45 CDT 2012


Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have
207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I
have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop
with 207.235.23.3 connected to RB ether2 can get online now.

Is a public necessary on the outbound interface of the RB in order to get
online? I take it that it is and that is why it hasn't worked til now.

-Ty

On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling <tyfeatherling at gmail.com>wrote:

> That is what I thought but when I look I see:
>
> /ip firewall nat
> add action=masquerade chain=srcnat comment="default configuration"
> disabled=yes out-interface=\
>     ether1-gateway
>
> Is it just a bug and is somehow stuck in NAT even though disabled?
>
> Another example - when I ping from my machine behind the router the
> failure is "Reply from 10.100.0.2: Destination host unreachable."
>
> -Ty
>
>
> On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed <sreed at nwwnet.net> wrote:
>
>> The router with address 10.100.0.2 is doing NAT.  That is the only way I
>> can see that you can have that address as the source on your outbound
>> traffic.
>>
>>
>> On 6/13/2012 2:43 PM, Ty Featherling wrote:
>>
>>> Okay, after putting out fires for a few days I am back at looking at this
>>> issue. What I have found is that traffic from me on the
>>> 207.235.23.0/26subnet is leaving ether1 on the RB like it should but
>>>
>>> as a result is
>>> leaving AS 10.100.0.2. Since that is a private address it is not routable
>>> beyond my edge. That makes sense. I replaced the private ips between the
>>> two routers with public addresses and while I do have connectivity with
>>> the
>>> world that way, it is only because I am routed as the new public IP
>>> assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my
>>> thinking or explain what SHOULD be happening here?
>>>
>>> -Ty
>>>
>>> On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherling<tyfeatherling@**gmail.com<tyfeatherling at gmail.com>
>>> >wrote:
>>>
>>>  After checking routes that was the first thing I checked. I'm still
>>>> baffled.
>>>>
>>>> -Ty
>>>> On Jun 6, 2012 8:34 PM, "Blake Covarrubias"<blake at beamspeed.**com<blake at beamspeed.com>>
>>>>  wrote:
>>>>
>>>>  /ip firewall nat, to be precise. Otherwise, no.
>>>>>
>>>>> --
>>>>> Blake Covarrubias
>>>>>
>>>>> On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote:
>>>>>
>>>>>  Would it be somewhere other than ip firewall?
>>>>>>
>>>>>> -Ty
>>>>>> On Jun 6, 2012 5:44 PM, "Butch Evans"<butche at butchevans.com>  wrote:
>>>>>>
>>>>>>  On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote:
>>>>>>>
>>>>>>>> I am trying to route my first tower with mikrotik. I have a private
>>>>>>>>
>>>>>>> /30
>>>>>
>>>>>> setup between my edge router and ether1 of the RB. I have a private
>>>>>>>>
>>>>>>> /24
>>>>>
>>>>>> setup for an ap and it's cpe on ether2. I have a subnet of public
>>>>>>>>
>>>>>>> addresses
>>>>>>>
>>>>>>>> to use for clients of this AP and the gateway for those is set as an
>>>>>>>> address on ether2 as well. Default route is the gateway for ether1
>>>>>>>>
>>>>>>> which
>>>>>
>>>>>> is
>>>>>>>
>>>>>>>> our edge router. There is a route on the edge router routing that
>>>>>>>>
>>>>>>> subnet
>>>>>
>>>>>> of
>>>>>>>
>>>>>>>> publics back to the ether1 address of the RB. This all sounds right
>>>>>>>> to
>>>>>>>>
>>>>>>> me.
>>>>>>>
>>>>>>>
>>>>>>> This all sounds correct to me.  From a connected device on the lan
>>>>>>> side
>>>>>>> (the 207.235.23.0/26 block), you are able to ping everything inside
>>>>>>>
>>>>>> your
>>>>>
>>>>>> network, but not beyond that?  I'd doublecheck to ensure there is NOT
>>>>>>> a
>>>>>>> NAT rule in place on the MT that is causing this issue.
>>>>>>>
>>>>>>> --
>>>>>>> ****************************************************************
>>>>>>> ********
>>>>>>> * Butch Evans                * Professional Network Consultation   *
>>>>>>> * http://www.butchevans.com/ * Network Engineering                 *
>>>>>>> * http://store.wispgear.net/ * Wired or Wireless Networks          *
>>>>>>> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
>>>>>>> *          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
>>>>>>> ****************************************************************
>>>>>>> ********
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ______________________________**_________________
>>>>>>> Mikrotik mailing list
>>>>>>> Mikrotik at mail.butchevans.com
>>>>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>>>>>>
>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>>>> RouterOS
>>>>>>>
>>>>>>>  -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL:<
>>>>>>
>>>>> http://www.butchevans.com/**pipermail/mikrotik/**
>>>>> attachments/20120606/477593d7/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20120606/477593d7/attachment.html>
>>>>>
>>>>>> ______________________________**_________________
>>>>>> Mikrotik mailing list
>>>>>> Mikrotik at mail.butchevans.com
>>>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>>>>>
>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>>>
>>>>> RouterOS
>>>>>
>>>>> ______________________________**_________________
>>>>> Mikrotik mailing list
>>>>> Mikrotik at mail.butchevans.com
>>>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>>>>
>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>> RouterOS
>>>>>
>>>>>  -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>> URL:<http://www.butchevans.**com/pipermail/mikrotik/**
>>> attachments/20120613/330c7e92/**attachment.html<http://www.butchevans.com/pipermail/mikrotik/attachments/20120613/330c7e92/attachment.html>
>>> >
>>>
>>> ______________________________**_________________
>>> Mikrotik mailing list
>>> Mikrotik at mail.butchevans.com
>>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>>
>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>> RouterOS
>>>
>>>
>>> -----
>>> No virus found in this message.
>>> Checked by AVG - www.avg.com
>>> Version: 2012.0.2178 / Virus Database: 2433/5065 - Release Date: 06/12/12
>>>
>>>
>>>
>> --
>> Scott Reed
>> Owner
>> NewWays Networking, LLC
>> Wireless Networking
>> Network Design, Installation and Administration
>>
>>
>>
>> Mikrotik Advanced Certified
>>
>> www.nwwnet.net
>> (765) 855-1060
>> (765) 439-4253
>> (855) 231-6239
>>
>>
>> ______________________________**_________________
>> Mikrotik mailing list
>> Mikrotik at mail.butchevans.com
>> http://www.butchevans.com/**mailman/listinfo/mikrotik<http://www.butchevans.com/mailman/listinfo/mikrotik>
>>
>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>> RouterOS
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20120613/e6e1a8ee/attachment.html>


More information about the Mikrotik mailing list