Hello all. I am pretty new at this so be patient. I have a routerboard running v2.8 lic, level 5. At this point I am trying to just do some basics. I have this routerboard which has two enet interfaces. One public; one private. I have a basic source NAT rule in place. I am not sure that the syntax is correct though. Anyway, everything seems to be per the manual but I can’t get out of the router to the internet. What are some of the basic things I can look at to determine where my block is? I have tried to do a traceroute, but it won’t get past the Public interface. Thanks for your help in advance.
see header…
so we can check what you did
I guess I am showing my newbiness, but I am not sure what you are wanting to see. Please be more specific and I’ll be glad to post what you want. Thanks for replying.
post that src-nat rule, your /ip address print and /interface print
The router is not plugged into the outside world right now. That is why it doesn't show the PPPoE interface running. When I do plug it in, it connects in a matter of seconds so no problem there.
[admin@BWRPWA] ip> address print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.10.1/24 192.168.10.0 192.168.10.255 Private
1 69.29.6.113/29 69.29.6.112 69.29.6.119 Public
[admin@BWRPWA] ip> /interface print
Flags: X - disabled, D - dynamic, R - running
NAME TYPE RX-RATE TX-RATE MTU
0 R Public ether 0 0 1500
1 R Private ether 0 0 1500
2 pppoe-out1 pppoe-out 0 0 1480
[admin@BWRPWA] ip> firewall
[admin@BWRPWA] ip firewall> pr
NAME POLICY
0 input accept
1 forward accept
2 output accept
[admin@BWRPWA] ip firewall> src-nat
[admin@BWRPWA] ip firewall src-nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 out-interface=Public action=nat
[admin@BWRPWA] ip firewall src-nat>
Thanks for your help with this!!!
src-nat action should be masquerade, not nat.
Regards
Andrew
Well, you may want to try with:
/ip firewall src-nat add src-address=192.168.10.0/24 out-interface=pppoe-out1 action=masquerade
This is assuming your interface to the world is pppoe-out1.
If you use action=nat, you must specify to-src-address=xx.xx.xx.xx.
Also, if you really use pppoe to reach the world, do not forget to mangle tcp syn-only packets to the right mss value.
I’ve tried both.
That was weird. I was trying to reply to the post prior to the post just previous to this one and when I sent the reply, the other post showed up first. Wow, what timing. Oh well. Anyway, I did try a SNAT rule using both NAT and masquerade but got the same results. I will try again and repost. Thanks for all your help!!
If you use pppoe to connect to the internet, you generally must specify pppoe out interface in src-nat rule, not Public.
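The checks suggested in the replies above, collected into one small audit script. This is an added example, not part of any post in the thread and not MikroTik code: the function names are hypothetical, the sample rule and interface data are constructed from the output posted above, and the MSS figure assumes IPv4 with no IP or TCP options.

```python
import re

# Constructed sample input, taken from the rule and interface list posted in the thread.
SRC_NAT_RULES = [
    "out-interface=Public action=nat",
    "src-address=192.168.10.0/24 out-interface=pppoe-out1 action=masquerade",
]
INTERFACES = {  # name -> (type, MTU)
    "Public": ("ether", 1500),
    "Private": ("ether", 1500),
    "pppoe-out1": ("pppoe-out", 1480),
}


def parse_rule(line):
    """Split a 'key=value key=value' rule line into a dict."""
    return dict(re.findall(r"([\w-]+)=(\S+)", line))


def check_rule(line, interfaces):
    """Return the problems named in the thread that apply to one src-nat rule."""
    rule = parse_rule(line)
    findings = []
    out_if = rule.get("out-interface")
    # action=nat needs an explicit translation address; masquerade does not.
    if rule.get("action") == "nat" and "to-src-address" not in rule:
        findings.append("action=nat without to-src-address")
    # With a PPPoE uplink, traffic leaves through the pppoe-out interface,
    # so a rule matching the underlying ethernet port never fires.
    pppoe = [n for n, (kind, _) in interfaces.items() if kind == "pppoe-out"]
    if pppoe and out_if is not None and out_if not in pppoe:
        findings.append(
            f"out-interface={out_if} but PPPoE interface {pppoe[0]} exists"
        )
    return findings


def tcp_mss_for(mtu, ip_header=20, tcp_header=20):
    """Largest TCP payload that fits in one packet on a link with this MTU."""
    return mtu - ip_header - tcp_header


if __name__ == "__main__":
    for line in SRC_NAT_RULES:
        print(line, "->", check_rule(line, INTERFACES) or "ok")
    mtu = INTERFACES["pppoe-out1"][1]
    print("MSS to clamp SYN packets to on pppoe-out1:", tcp_mss_for(mtu))
```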