Community discussions

MUM Europe 2020
 
myke1124
just joined
Topic Author
Posts: 20
Joined: Fri Mar 28, 2014 2:15 am

NAT killing OSPF

Mon Jan 16, 2017 11:08 pm

/interface bridge add name=loopback
/interface bridge settings set use-ip-firewall=yes
/ip address
 add address=123.123.123.208/32 interface=loopback
 add address=10.100.100.117/29 interface=ether1-gateway
 add address=10.212.1.1/29 interface=ether2-south_tower
 add address=10.212.8.1/24 interface=ether3-north_AP
/ip route add gateway=10.100.100.113
Basic OSPF setup.
/routing ospf interface
 add network-type=broadcast passive=yes
 add authentication=md5 authentication-key=myOSPFkey interface=ether1-gateway network-type=broadcast priority=0
 add authentication=md5 authentication-key=myOSPFkey interface=ether2-south_tower network-type=broadcast priority=0
I got OSPF working. I then added a NAT rule to the configuration.
/ip firewall address-list
 add list=my_network address=10.0.0.0/8
 add list=my_network address=123.123.123.0/24
/ip firewall nat
 add action=src-nat chain=srcnat dst-address-list=!my_network src-address=10.0.0.0/8 to-addresses=123.123.123.208
After adding my nat statement my OSPF neighbor is lost. I have tried adding protocol=!ospf dst-address-type=unicast out-interface=ether1-gateway to my nat statement. I have also added 224.0.0.0/23 and 255.255.255.255 to the my_network address list. I have tried several router OS versions and different routerboard models.

My conclusion is the nat statement is matching the osfp traffic.
 
patrick7
Member Candidate
Member Candidate
Posts: 298
Joined: Sat Jul 20, 2013 2:40 pm

Re: NAT killing OSPF

Mon Jan 16, 2017 11:40 pm

Are you sure it's only /23?
You could add the following rule before nat:
add chain=srcnat protocol=ospf action=accept

Who is online

Users browsing this forum: No registered users and 16 guests