[Mikrotik] basic routing

Scott Reed sreed at nwwnet.net
Wed Jun 13 18:11:57 CDT 2012


And either delete or enable/disable the NAT rule to see if it has a problem.

On 6/13/2012 7:04 PM, Jeromie Reeves wrote:
> No, it should not be required. I run my entire network on privates and
> only put publics where I need them. You have
> something fishy with the config. Do you have 10.100.0.1 on the
> upstream router? If so, get rid of the 207.235.20.16
> IP and keep the 10.100.0.2, then default route over those for 0.0.0.0/0
> and 207.235.23.0/26. Should work fine. If not,
> you still have something wrong in the config.  I find it best to
> delete the default config even if disabled.
>
> On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherling<tyfeatherling at gmail.com>  wrote:
>> Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have
>> 207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I
>> have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop
>> with 207.235.23.3 connected to RB ether2 can get online now.
>>
>> Is a public necessary on the outbound interface of the RB in order to get
>> online? I take it that it is and that is why it hasn't worked til now.
>>
>> -Ty
>>
>> On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling <tyfeatherling at gmail.com> wrote:
>>
>>> That is what I thought but when I look I see:
>>>
>>> /ip firewall nat
>>> add action=masquerade chain=srcnat comment="default configuration"
>>> disabled=yes out-interface=\
>>>      ether1-gateway
>>>
>>> Is it just a bug and is somehow stuck in NAT even though disabled?
>>>
>>> Another example - when I ping from my machine behind the router the
>>> failure is "Reply from 10.100.0.2: Destination host unreachable."
>>>
>>> -Ty
>>>
>>>
>>> On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed<sreed at nwwnet.net>  wrote:
>>>
>>>> The router with address 10.100.0.2 is doing NAT.  That is the only way I
>>>> can see that you can have that address as the source on your outbound
>>>> traffic.
>>>>
>>>>
>>>> On 6/13/2012 2:43 PM, Ty Featherling wrote:
>>>>
>>>>> Okay, after putting out fires for a few days I am back at looking at this
>>>>> issue. What I have found is that traffic from me on the
>>>>> 207.235.23.0/26 subnet is leaving ether1 on the RB like it should but
>>>>> as a result is leaving AS 10.100.0.2. Since that is a private address it
>>>>> is not routable beyond my edge. That makes sense. I replaced the private
>>>>> IPs between the two routers with public addresses and while I do have
>>>>> connectivity with the world that way, it is only because I am routed as
>>>>> the new public IP assigned to the RB's ether1. NAT is NOT enabled. Can
>>>>> anyone verify my thinking or explain what SHOULD be happening here?
>>>>>
>>>>> -Ty
>>>>>
>>>>> On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherling <tyfeatherling at gmail.com> wrote:
>>>>>> After checking routes that was the first thing I checked. I'm still
>>>>>> baffled.
>>>>>>
>>>>>> -Ty
>>>>>> On Jun 6, 2012 8:34 PM, "Blake Covarrubias" <blake at beamspeed.com> wrote:
>>>>>>> /ip firewall nat, to be precise. Otherwise, no.
>>>>>>> --
>>>>>>> Blake Covarrubias
>>>>>>>
>>>>>>> On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote:
>>>>>>>> Would it be somewhere other than ip firewall?
>>>>>>>> -Ty
>>>>>>>> On Jun 6, 2012 5:44 PM, "Butch Evans" <butche at butchevans.com> wrote:
>>>>>>>>
>>>>>>>>   On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote:
>>>>>>>>>> I am trying to route my first tower with mikrotik. I have a private
>>>>>>>>>>
>>>>>>>>> /30
>>>>>>>> setup between my edge router and ether1 of the RB. I have a private
>>>>>>>>> /24
>>>>>>>> setup for an ap and it's cpe on ether2. I have a subnet of public
>>>>>>>>> addresses
>>>>>>>>>
>>>>>>>>>> to use for clients of this AP and the gateway for those is set as an
>>>>>>>>>> address on ether2 as well. Default route is the gateway for ether1
>>>>>>>>>>
>>>>>>>>> which
>>>>>>>> is
>>>>>>>>>> our edge router. There is a route on the edge router routing that
>>>>>>>>>>
>>>>>>>>> subnet
>>>>>>>> of
>>>>>>>>>> publics back to the ether1 address of the RB. This all sounds right
>>>>>>>>>> to
>>>>>>>>>>
>>>>>>>>> me.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This all sounds correct to me.  From a connected device on the lan
>>>>>>>>> side
>>>>>>>>> (the 207.235.23.0/26 block), you are able to ping everything inside
>>>>>>>>>
>>>>>>>> your
>>>>>>>> network, but not beyond that?  I'd doublecheck to ensure there is NOT
>>>>>>>>> a
>>>>>>>>> NAT rule in place on the MT that is causing this issue.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> ************************************************************************
>>>>>>>>> * Butch Evans                * Professional Network Consultation   *
>>>>>>>>> * http://www.butchevans.com/ * Network Engineering                 *
>>>>>>>>> * http://store.wispgear.net/ * Wired or Wireless Networks          *
>>>>>>>>> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
>>>>>>>>> *          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
>>>>>>>>> ************************************************************************
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Mikrotik mailing list
>>>>>>>>> Mikrotik at mail.butchevans.com
>>>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
>>>>>>>>>
>>>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>>>>>>>> RouterOS
>>>>>>>>>
>>>> --
>>>> Scott Reed
>>>> Owner
>>>> NewWays Networking, LLC
>>>> Wireless Networking
>>>> Network Design, Installation and Administration
>>>>
>>>>
>>>>
>>>> Mikrotik Advanced Certified
>>>>
>>>> www.nwwnet.net
>>>> (765) 855-1060
>>>> (765) 439-4253
>>>> (855) 231-6239
>>>>
>>>>
>>>

-- 
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration



Mikrotik Advanced Certified

www.nwwnet.net
(765) 855-1060
(765) 439-4253
(855) 231-6239
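
The NAT check discussed in this thread can also be run offline against a saved RouterOS export. The following is an added example, not part of the original messages: it joins the backslash-wrapped lines seen in the quoted `/ip firewall nat` export and lists the enabled srcnat rules that would rewrite a given source address. The second rule in the sample, the function names and the line-wrap handling are assumptions made for illustration.

```python
import ipaddress
import re
import shlex

# Constructed sample: the first rule is the disabled one quoted in the thread,
# the second is a hypothetical enabled rule added for contrast.
SAMPLE_EXPORT = r'''
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=\
    ether1-gateway
add action=masquerade chain=srcnat comment="constructed: active rule" out-interface=ether1
/ip route
add distance=1 gateway=207.235.20.1
'''

def parse_export(text):
    """Return (menu, {property: value}) for every 'add' line of an export."""
    # Assumed wrap convention: a trailing backslash continues on the next line,
    # whose leading indentation is not part of the value.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    menu, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted comments in one token
            rules.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def active_srcnat(text, src_ip, out_interface):
    """Enabled srcnat rules that would rewrite src_ip leaving out_interface.

    Only plain CIDR src-address and out-interface matchers are evaluated;
    negated matchers, address lists and interface lists are out of scope.
    """
    hits = []
    for menu, props in parse_export(text):
        if menu != "/ip firewall nat" or props.get("chain") != "srcnat":
            continue
        if props.get("disabled") == "yes":
            continue
        if props.get("out-interface", out_interface) != out_interface:
            continue
        net = ipaddress.ip_network(props.get("src-address", "0.0.0.0/0"), strict=False)
        if ipaddress.ip_address(src_ip) in net:
            hits.append(props)
    return hits

if __name__ == "__main__":
    for iface in ("ether1-gateway", "ether1"):
        print(iface, active_srcnat(SAMPLE_EXPORT, "207.235.23.3", iface))
```

An empty result for the uplink interface means no enabled srcnat rule in the export accounts for a rewritten source address, so the cause has to be looked for elsewhere.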




More information about the Mikrotik mailing list