I can't ping externel Ip like my Gateway !

o_hawchar86 · November 26, 2006, 7:25am

What to Do .. ! from the router i can but outside of the router i can’t !

galaxynet · November 26, 2006, 3:20pm

o_hawchar86 - for anyone to really help you - you need to give a lot more info…

IP addresses and routes would be a good start.

From your description though it sounds like you don’t have route 0/0 in routing policy set to lookup table main and/or you don’t have the default route ( 0/0 ) in route table main set to go to your gateway…

Could be your masqurade rule, src/dst nat rule(s) as well.

Give us some info and we’ll help you out.

ajmal · November 26, 2006, 5:06pm

provide more info about ur interface/Ip.

galaxynet · November 26, 2006, 7:08pm

IP addresses - interface
routes - include policy routing rules if you have any
masqurade rule, src/dst nat rule(s)

Thom

o_hawchar86 · November 27, 2006, 5:43am

DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE

0 ADC 10.20.30.0/24 10.20.30.1 Network
1 ADC my ip range.152/29 my ip Cable
2 A S ;;; added by setup
0.0.0.0/0 r my gateway Cable

galaxynet · November 27, 2006, 1:42pm

o_hawchar86 -

I see from your post above that you have a dynamic IP address from your cable provider as your gateway.... I haven't used that feature of route setting to setup any of the routers that I have... I use static IPs for gateways always.
There are several posts on how to use dynamic IPs for gateways - please do a search and look at the info to make sure you are getting and using the IP address given from your cable provider correctly and getting it updated as necessary as it changes....

I have IP addresses (207.115.65.xxx/xx) routed from the Telco to my gateway 66.114.146.xxx

This is print from one of my routers... Your output (print) should be very similiar except for the actual addresses/subnet masks...if not - then there is your problem..... My last octect of IP has been removed and replaced with "xx".

Thom

Using terminal mode:

command: ip address print

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.1.1/16 192.168.0.0 192.168.255.255 ether1
1 66.114.146.xxx/24 66.114.146.0 66.114.146.255 ether2

command: ip route print

Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf
DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
A S 0.0.0.0/0 r 66.114.146.1 ether2

command: ip route rule print

src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=lookup table=main

command: ip firewall nat print

;;; All for now 192 to 207.115.65.xxx (this is a comment)
chain=srcnat src-address=192.168.0.0/16 action=src-nat to-addresses=207.115.65.xxx to-ports=0-65535

o_hawchar86 · November 27, 2006, 5:58pm

@ galaxynet

i added

ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

now i can ping i don’t know what this command means, but it works can u explain me what happened

another thing is it possible to view webproxy log in log i mean what sites are currently requested and is it possible to view most visites sites in graph tool !

galaxynet · November 29, 2006, 1:49pm

o_hawchar86 -

Basically masqurade or NAT changes the ‘source’ IP address of the outgoing TCP/UDP data packet. When the answering packet returns it is dst-nat’d or ‘un-masquraded’ back to the requesting IP address by the MT router.

What was happening before was that your MT router was sending your Internet requests with the IP address range of 10.20.30.0/24 - (your LAN Network) out of the router to your cable provider’s network. The MT expected the packets to get routed by the next router upstream (Cable company). Since the cable company does not route your private IP packets they (private IP address packets) just die in transit on the cable network.

What is happening now - is that all your internal IP packets have been masquraded to the same IP address as your MT router’s WAN, (from your message) “my ip range.152/29 my ip Cable”. Now the cable company’s router knows where to send packets from that IP range to/from - the MT knows it sent the packets out and tracks the connections. The returning packets get sent back to the requesting private address (LAN) requestor (un-masquraded if you will).

Sounds like you really need to read about TCP routing. Here on the Mikrotik site there are some excellent articles about TCP and routing - I don’t remember where they posted the “References” at but I know its in the docs somewhere - perhaps FAQs?. Also the Mikrotik wiki forum has some good info.

There is a way to look at the webproxy log - I don’t recall the specifics at the moment. However I do know that it only shows IP addresses not URLs. As for graphing…I don’t know the answer for that - look in the MT scripting forum and see if someone has done it before…

Thom