[Mikrotik] basic routing

Ty Featherling tyfeatherling at gmail.com
Thu Jun 14 12:52:02 CDT 2012


After re-checking everything for the Nth time I reset-config on the RB and
removed ALL config. I only added ip addresses to 2 interfaces and a default
route. Using a static 207.235.23.2 address on my laptop it is WORKING FINE.

/facepalm

Note to self, if it doesn't work, start over at least once before going
further.

-Ty

On Thu, Jun 14, 2012 at 11:02 AM, Jeromie Reeves <jreeves at 18-30chat.net> wrote:

> That is funky. Is it possible you did not have the network masks
> correct? I know MT will default to a /32 and Cisco to a class.
> Is it possible there are overlapping subnets someplace? That will kill
> routing in a hurry when using privates for links.
>
> On Wed, Jun 13, 2012 at 4:15 PM, Ty Featherling <tyfeatherling at gmail.com>
> wrote:
> > I started out that way. Adding the publics is the only thing that has
> > fixed it. I went ahead and deleted the NAT rule altogether but it made no
> > difference. I will reset the config and re-setup tomorrow to see if that
> > helps.
> >
> > -Ty
> >
> > On Wed, Jun 13, 2012 at 6:11 PM, Scott Reed <sreed at nwwnet.net> wrote:
> >
> >> And either delete or enable/disable the NAT rule to see if it has a
> >> problem.
> >>
> >>
> >> On 6/13/2012 7:04 PM, Jeromie Reeves wrote:
> >>
> >>> No, it should not be required. I run my entire network on privates and
> >>> only put publics where I need them. You have
> >>> something fishy with the config. Do you have 10.100.0.1 on the
> >>> upstream router? If so, get rid of the 207.235.20.16
> >>> IP and keep the 10.100.0.2 then default route over those for 0.0.0.0/0
> >>> and 207.235.23.0/26. Should work fine. If not,
> >>> you still have something wrong in the config. I find it best to
> >>> delete the default config even if disabled.
> >>>
> >>> On Wed, Jun 13, 2012 at 2:15 PM, Ty Featherling <tyfeatherling at gmail.com> wrote:
> >>>
> >>>> Ok I got it finally. I have 10.100.0.2 AND 207.235.20.16 on ether1. I have
> >>>> 207.235.23.1/26 on ether2. I have default route to 207.235.20.1 (edge). I
> >>>> have return route from edge for 207.235.23.0/26 to 10.100.0.2. My laptop
> >>>> with 207.235.23.3 connected to RB ether2 can get online now.
> >>>>
> >>>> Is a public necessary on the outbound interface of the RB in order to get
> >>>> online? I take it that it is and that is why it hasn't worked til now.
> >>>>
> >>>> -Ty
> >>>>
> >>>> On Wed, Jun 13, 2012 at 3:44 PM, Ty Featherling <tyfeatherling at gmail.com> wrote:
> >>>>
> >>>>> That is what I thought but when I look I see:
> >>>>>
> >>>>> /ip firewall nat
> >>>>> add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=\
> >>>>>     ether1-gateway
> >>>>>
> >>>>> Is it just a bug and is somehow stuck in NAT even though disabled?
> >>>>>
> >>>>> Another example - when I ping from my machine behind the router the
> >>>>> failure is "Reply from 10.100.0.2: Destination host unreachable."
> >>>>>
> >>>>> -Ty
> >>>>>
> >>>>>
> >>>>> On Wed, Jun 13, 2012 at 1:59 PM, Scott Reed <sreed at nwwnet.net> wrote:
> >>>>>
> >>>>>> The router with address 10.100.0.2 is doing NAT. That is the only way I
> >>>>>> can see that you can have that address as the source on your outbound
> >>>>>> traffic.
> >>>>>>
> >>>>>>
> >>>>>> On 6/13/2012 2:43 PM, Ty Featherling wrote:
> >>>>>>
> >>>>>>> Okay, after putting out fires for a few days I am back at looking at this
> >>>>>>> issue. What I have found is that traffic from me on the 207.235.23.0/26
> >>>>>>> subnet is leaving ether1 on the RB like it should but as a result is
> >>>>>>> leaving AS 10.100.0.2. Since that is a private address it is not routable
> >>>>>>> beyond my edge. That makes sense. I replaced the private ips between the
> >>>>>>> two routers with public addresses and while I do have connectivity with the
> >>>>>>> world that way, it is only because I am routed as the new public IP
> >>>>>>> assigned to the RB's ether1. NAT is NOT enabled. Can anyone verify my
> >>>>>>> thinking or explain what SHOULD be happening here?
> >>>>>>>
> >>>>>>> -Ty
> >>>>>>>
> >>>>>>> On Wed, Jun 6, 2012 at 9:02 PM, Ty Featherling <tyfeatherling at gmail.com> wrote:
> >>>>>>>
> >>>>>>>> After checking routes that was the first thing I checked. I'm still
> >>>>>>>> baffled.
> >>>>>>>>
> >>>>>>>> -Ty
> >>>>>>>> On Jun 6, 2012 8:34 PM, "Blake Covarrubias" <blake at beamspeed.com> wrote:
> >>>>>>>>
> >>>>>>>>> /ip firewall nat, to be precise. Otherwise, no.
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Blake Covarrubias
> >>>>>>>>>
> >>>>>>>>> On Jun 6, 2012, at 4:31 PM, Ty Featherling wrote:
> >>>>>>>>>
> >>>>>>>>>> Would it be somewhere other than ip firewall?
> >>>>>>>>>>
> >>>>>>>>>> -Ty
> >>>>>>>>>> On Jun 6, 2012 5:44 PM, "Butch Evans" <butche at butchevans.com> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> On Wed, 2012-06-06 at 11:50 -0500, Ty Featherling wrote:
> >>>>>>>>>>>> I am trying to route my first tower with mikrotik. I have a private /30
> >>>>>>>>>>>> setup between my edge router and ether1 of the RB. I have a private /24
> >>>>>>>>>>>> setup for an ap and its cpe on ether2. I have a subnet of public
> >>>>>>>>>>>> addresses to use for clients of this AP and the gateway for those is set
> >>>>>>>>>>>> as an address on ether2 as well. Default route is the gateway for ether1
> >>>>>>>>>>>> which is our edge router. There is a route on the edge router routing
> >>>>>>>>>>>> that subnet of publics back to the ether1 address of the RB. This all
> >>>>>>>>>>>> sounds right to me.
> >>>>>>>>>>>
> >>>>>>>>>>> This all sounds correct to me. From a connected device on the lan side
> >>>>>>>>>>> (the 207.235.23.0/26 block), you are able to ping everything inside your
> >>>>>>>>>>> network, but not beyond that? I'd doublecheck to ensure there is NOT a
> >>>>>>>>>>> NAT rule in place on the MT that is causing this issue.
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> ********************************************************************
> >>>>>>>>>>> * Butch Evans                * Professional Network Consultation   *
> >>>>>>>>>>> * http://www.butchevans.com/ * Network Engineering                 *
> >>>>>>>>>>> * http://store.wispgear.net/ * Wired or Wireless Networks          *
> >>>>>>>>>>> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
> >>>>>>>>>>> *          NOTE THE NEW PHONE NUMBER: 702-537-0979                 *
> >>>>>>>>>>> ********************************************************************
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> _______________________________________________
> >>>>>>>>>>> Mikrotik mailing list
> >>>>>>>>>>> Mikrotik at mail.butchevans.com
> >>>>>>>>>>> http://www.butchevans.com/mailman/listinfo/mikrotik
> >>>>>>>>>>>
> >>>>>>>>>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> >>>>>>>>>>> RouterOS
> >>>>>>>>>>>
> >>>>>> --
> >>>>>> Scott Reed
> >>>>>> Owner
> >>>>>> NewWays Networking, LLC
> >>>>>> Wireless Networking
> >>>>>> Network Design, Installation and Administration
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Mikrotik Advanced Certified
> >>>>>>
> >>>>>> www.nwwnet.net
> >>>>>> (765) 855-1060
> >>>>>> (765) 439-4253
> >>>>>> (855) 231-6239
> >>>>>>
> >>>>>>
>
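
The mask and overlapping-subnet checks suggested in the quoted reply above, plus a next-hop check, as an added example that is not part of the original thread. `audit_plan` and the plan dictionaries are hypothetical names; the addresses are the ones mentioned in the thread except where marked as constructed.

```python
import ipaddress

def audit_plan(interfaces, default_gateway):
    """Return a list of findings for a router address plan.

    interfaces: {interface name: [address strings, with or without /prefix]}
    default_gateway: next hop of the 0.0.0.0/0 route
    """
    findings = []
    connected = []  # (interface name, connected network)
    for name, addresses in interfaces.items():
        for text in addresses:
            # ip_interface() treats a bare address as /32, the same default
            # the reply attributes to RouterOS when the mask is left off.
            iface = ipaddress.ip_interface(text)
            if iface.network.prefixlen == iface.network.max_prefixlen:
                findings.append(f"{name}: {iface.ip} has a host mask, no connected subnet")
            connected.append((name, iface.network))

    # The same range reachable through two interfaces makes routing ambiguous.
    for i, (name_a, net_a) in enumerate(connected):
        for name_b, net_b in connected[i + 1:]:
            if name_a != name_b and net_a.overlaps(net_b):
                findings.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    # A next hop must sit inside a connected subnet to be resolvable.
    gateway = ipaddress.ip_address(default_gateway)
    if not any(gateway in net and net.num_addresses > 1 for _, net in connected):
        findings.append(f"default gateway {gateway} is not on a connected subnet")
    return findings

# Addresses from the thread; the /30 on the ether1 link is the mask the
# original post describes.
WORKING = {"ether1": ["10.100.0.2/30"], "ether2": ["207.235.23.1/26"]}
# Constructed failure cases: mask left off, and a private /24 that
# overlaps the link subnet.
MASK_MISSING = {"ether1": ["10.100.0.2"], "ether2": ["207.235.23.1/26"]}
OVERLAPPING = {"ether1": ["10.100.0.2/30"], "ether2": ["10.100.0.129/24"]}

if __name__ == "__main__":
    for label, plan in [("working", WORKING), ("mask missing", MASK_MISSING),
                        ("overlapping", OVERLAPPING)]:
        print(label, audit_plan(plan, "10.100.0.1") or "ok")
```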