[afnog] My router config

Sunday A Folayan sfolayan at skannet.com.ng
Wed Jun 29 14:44:05 EAT 2005


Wonder,

The original problem you stated was:

>I have bought a mikrotik router
>
>My current network is on 192.168.0.0/16 subnet: 255.255.0.0, I am
>running NAT to internet, I have configured my router with 10.10.10.0/24
>subnet 255.255.255.0, and Ethernet 1 has 2 ip addresses, 10.0.0.0.1 and
>192.168.12.165. From the router I can ping any client on either network
>but when I ping from a client I cannot go through to a different network.
>
>The routing is dynamic. Please may you help me.

From your export, your network looks like this:


                    +---------------+             \/
  Ether1    LOCAL   |eth1       eth2| Wireless    |
-------------------|               |-------------+
   10.10.10.1       |               | 172.16.1.1
   192.168.12.19    +---------------+ 172.16.2.1


Looking at your export dump, it is certain that you have 3 ethernet ports 
on your router, but you have assigned IPs to just 2 interfaces. Is this 
your intention? Do you really want to alias two separate IP blocks to your 
router on either side?

You have configured VRRP, which is not the same as dynamic routing. From 
the Mikrotik Manual:

"Virtual Router Redundancy Protocol (VRRP) implementation in the MikroTik 
RouterOS is RFC2338 compliant. VRRP protocol is used to ensure constant 
access to some resources. Two or more routers (referred as VRRP Routers in 
this context) create a highly available cluster (also referred as Virtual 
routers) with dynamic fail over. Each router can participate in not more 
than 255 virtual routers per interface. Many modern routers support this 
protocol. Network setups with VRRP clusters provide high availability for 
routers without using clumsy ping-based scripts."

You cannot run VRRP with a single router, and VRRP will not do dynamic 
routing. Go ahead and add the static routes onto your router, most 
especially the default route.

/ip route add dst-address=0.0.0.0/0 gateway=10.10.10.254 [I assume]

If you really want to do dynamic routing, go ahead and configure OSPF, or 
if you have the liver ... RIP.

Cheers.

SF.

At 09:23 AM 6/28/2005, Wonder Chikohomero wrote:
>
>Terminal ansi detected, using single line input mode
>[admin at UCMPemba] > export ip
>no such argument (ip)
>[admin at UCMPemba] > ip export
># jan/01/2000 02:00:46 by RouterOS 2.9rc5
># software id = 5AGC-3TT
>#
>/ ip pool
>add name="pppoe" ranges=10.5.5.0/24
>add name="dhcp_pool1" ranges=172.16.1.2-172.16.1.254
>/ ip hotspot service-port
>set ftp ports=21 disabled=no
>/ ip hotspot profile
>set default name="default" hotspot-address=0.0.0.0 dns-name="" \
>     html-directory="" rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 \
>     login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no \
>     use-radius=no
>/ ip hotspot user profile
>set default name="default" idle-timeout=none keepalive-timeout=2m \
>     status-autorefresh=1m shared-users=1 transparent-proxy=yes \
>     open-status-page=always advertise=no
>/ ip dhcp-server config
>set store-leases-disk=5m
>/ ip ipsec proposal
>add name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m \
>     lifebytes=0 pfs-group=modp1024 disabled=no
>/ ip service
>set telnet port=23 address=0.0.0.0/0 disabled=no
>set ftp port=21 address=0.0.0.0/0 disabled=no
>set www port=80 address=0.0.0.0/0 disabled=no
>set ssh port=22 address=0.0.0.0/0 disabled=no
>set www-ssl port=443 address=0.0.0.0/0 disabled=yes
>/ ip upnp
>set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
>/ ip arp
>/ ip socks
>set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
>/ ip dns
>set primary-dns=192.168.12.2 secondary-dns=0.0.0.0 allow-remote-requests=no \
>     cache-size=2048KiB cache-max-ttl=1w
>/ ip dns static
>add name="mpuaefs1" address=192.168.12.2 ttl=1d
>/ ip traffic-flow
>set enabled=no interfaces=all cache-entries=1k active-flow-timeout=30m \
>     inactive-flow-timeout=15s
>/ ip address
>add address=10.10.10.1/24 network=10.10.10.0 broadcast=10.10.10.255 \
>     interface=LOCAL comment="" disabled=no
>add address=172.16.1.1/24 network=172.16.1.0 broadcast=172.16.1.255 \
>     interface=WIRELESS comment="" disabled=no
>add address=172.16.2.1/24 network=172.16.2.0 broadcast=172.16.2.255 \
>     interface=WIRELESS comment="" disabled=yes
>add address=192.168.12.19/16 network=192.168.0.0 broadcast=192.168.255.255 \
>     interface=LOCAL comment="" disabled=no
>/ ip accounting
>set enabled=no threshold=256
>/ ip accounting web-access
>set accessible-via-web=no address=0.0.0.0/0
>/ ip proxy
>set enabled=no port=8080 parent-proxy=0.0.0.0:0 maximal-client-connecions=1000 \
>     maximal-server-connectons=1000
>/ ip vrrp
>add name="vr1" interface=ether2 vrid=1 priority=100 interval=1 \
>     preemption-mode=yes authentication=none password="" on-backup="" \
>     on-master="" disabled=no
>/ ip vrrp address
>add address=192.168.0.0/32 network=192.168.12.1 broadcast=192.168.255.255 \
>     virtual-router=vr1 disabled=no
>/ ip neighbor discovery
>set LOCAL discover=yes
>set ether2 discover=yes
>set ether3 discover=yes
>set WIRELESS discover=yes
>set bridge1 discover=yes
>/ ip route
>/ ip firewall connection tracking
>set enabled=yes tcp-syn-sent-timeout=2m tcp-syn-received-timeout=1m \
>     tcp-established-timeout=5d tcp-fin-wait-timeout=2m \
>     tcp-close-wait-timeout=1m tcp-last-ack-timeout=30s \
>     tcp-time-wait-timeout=2m tcp-close-timeout=10s udp-timeout=30s \
>     udp-stream-timeout=3m icmp-timeout=30s generic-timeout=10m
>/ ip firewall service-port
>set ftp ports=21 disabled=no
>set tftp ports=69 disabled=no
>set irc ports=6667 disabled=no
>set h323 disabled=yes
>set quake3 disabled=no
>set mms disabled=no
>set gre disabled=yes
>set pptp disabled=yes
>[admin at UCMPemba] >
>
>Looking forward to your continuous assistance. It's my first experience 
>otherwise I am used to the traditional Cisco IOS.
>
>Wonderc
>

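The following is an added example, not part of the original message or of MikroTik's tooling: a small Python check that parses an abridged copy of the export quoted above and reports the gaps the reply points at (empty route table, VRRP on an interface with no address). It goes slightly beyond the reply by also flagging two settings visible in the same export, VRRP with authentication=none and cleartext management services open to 0.0.0.0/0; the function names `parse_export` and `audit` are hypothetical.

```python
import shlex
# Abridged from the export quoted above (RouterOS 2.9 syntax).
EXPORT = r'''
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 disabled=yes
/ ip address
add address=10.10.10.1/24 interface=LOCAL comment="" disabled=no
add address=172.16.2.1/24 interface=WIRELESS comment="" disabled=yes
/ ip vrrp
add name="vr1" interface=ether2 vrid=1 priority=100 interval=1 \
     preemption-mode=yes authentication=none password="" disabled=no
/ ip route
'''

def parse_export(text):
    """Return {section: [(item_names, {key: value}), ...]}."""
    sections, current = {}, None
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(" ".join(line.lstrip("/").split()), [])
            continue
        words = shlex.split(line)[1:]                    # drop the add/set verb
        props = dict(w.split("=", 1) for w in words if "=" in w)
        current.append(([w for w in words if "=" not in w], props))
    return sections

def audit(sections):
    """Flag missing routes, VRRP on unaddressed interfaces, exposed services."""
    out = []
    live = {p["interface"] for _, p in sections.get("ip address", [])
            if p.get("disabled") != "yes"}
    if not sections.get("ip route"):
        out.append("no routes: default route missing")
    for _, p in sections.get("ip vrrp", []):
        if p.get("disabled") != "yes" and p["interface"] not in live:
            out.append(f"vrrp {p['name']} on {p['interface']}: no IP address")
        if p.get("disabled") != "yes" and p.get("authentication") == "none":
            out.append(f"vrrp {p['name']}: authentication=none")
    for names, p in sections.get("ip service", []):
        exposed = p.get("disabled") == "no" and p.get("address") == "0.0.0.0/0"
        if exposed and names and names[0] in ("telnet", "ftp", "www"):
            out.append(f"{names[0]}: cleartext service open to any address")
    return out
print("\n".join(audit(parse_export(EXPORT))))
```
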
