OSPF setup

tiger4020 · March 5, 2017, 12:28pm

So what am I doing wrong?

Sent from my SAMSUNG-SM-G935A using Tapatalk

dgnevans · March 5, 2017, 12:59pm

In my experience you need to have a network under ospf network that covers the inter connectivity between routers. then on each of the routers you should put the network that is behind that router that you would like to share. from what I can see you have missing networks on the routers. https://wiki.mikrotik.com/wiki/Manual:OSPF-examples The only network you have added is your loopback network.

tiger4020 · March 6, 2017, 1:10am

How many more networks… I already have a network for the 2 routers…

dgnevans · March 6, 2017, 6:26am

Please can you

routing ospf export

from each router and then tell us what the ip address of each router is on the side that is connected to the switch and main router.

tiger4020 · March 18, 2017, 10:11pm

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running.

Can you help me identify which rule it may be ?

Thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

tiger4020 · March 18, 2017, 10:11pm

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running.

Can you help me identify which rule it may be ?

Thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

tiger4020 · March 18, 2017, 10:11pm

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running.

Can you help me identify which rule it may be ?

Thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

dgnevans · March 19, 2017, 8:27am

I added this rule to my firewall to allow ospf

add action=accept chain=input comment=OSPF dst-address=224.0.0.5

petrb · March 19, 2017, 8:27am

you must have some rules to allow ospf in firewall like

$IPTABLES -A INPUT -i eth1 -p 2 -j ACCEPT # IGMP
$IPTABLES -A INPUT -i eth1 -p 89 -j ACCEPT # OSPF

(its protocol 2-egp and 89-ospf, NOT tcp ports)

tiger4020 · March 19, 2017, 8:38am

Let me try this.. thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

tiger4020 · March 19, 2017, 8:40am

Here eth1 is the outgoing port of OSPF correct?

Sent from my SAMSUNG-SM-G935A using Tapatalk

petrb · March 19, 2017, 8:55am

yes, this was example from iptables, but rule is for incoming

AldoJimenez · March 23, 2017, 2:34pm

The rule that was causing your headaches is:

add action=drop chain=input comment="Drop everything else"

If you want to drop everything in the input chain the you must allow OSPF communication. To get a better idea of how this works you could use Wireshark in a lab environment or download a cap from their Sample Captures Library.

Simple OSPF initialization
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ospf.cap

In the capture you will notice four important addresses:

Router A
Router B
224.0.0.5
224.0.0.6

Since you are only dropping traffic on the Input chain then that is were you should create a new set of rules; above the drop all rule. If you were to do the same on the output chain the a separate set of filter rules must be applied to that chain as well for OSPF to communicate properly.

Hope this helps!

tiger4020 · March 23, 2017, 2:36pm

AldoJimenez:

tiger4020:

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running.

Can you help me identify which rule it may be ?

Thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

The rule that was causing your headaches is:
add action=drop chain=input comment="Drop everything else"
If you want to drop everything in the input chain the you must allow OSPF communication. To get a better idea of how this works you could use Wireshark in a lab environment or download a cap from their Sample Captures Library.

Simple OSPF initialization
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ospf.cap

In the capture you will notice four important addresses:

Router A
Router B
224.0.0.5
224.0.0.6

Since you are only dropping traffic on the Input chain then that is were you should create a new set of rules; above the drop all rule. If you were to do the same on the output chain the a separate set of filter rules must be applied to that chain as well for OSPF to communicate properly.

Hope this helps!

Thanks.. let me look into this…

Sent from my SAMSUNG-SM-G935A using Tapatalk

43north · October 29, 2017, 3:32am

AldoJimenez:

tiger4020:

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running.

Can you help me identify which rule it may be ?

Thanks

Sent from my SAMSUNG-SM-G935A using Tapatalk

The rule that was causing your headaches is:
add action=drop chain=input comment="Drop everything else"
If you want to drop everything in the input chain the you must allow OSPF communication. To get a better idea of how this works you could use Wireshark in a lab environment or download a cap from their Sample Captures Library.

Simple OSPF initialization
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=ospf.cap

In the capture you will notice four important addresses:

Router A
Router B
224.0.0.5
224.0.0.6

Since you are only dropping traffic on the Input chain then that is were you should create a new set of rules; above the drop all rule. If you were to do the same on the output chain the a separate set of filter rules must be applied to that chain as well for OSPF to communicate properly.

Hope this helps!

So what does the firewall rule need to look like to allow the OSPF communication? I am also have a problem as I have a drop all rule in place