Community discussions

MikroTik App
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

understanding routes ....

Sat Feb 25, 2006 1:16 pm

So, the last one for today ...

We don't define routes except for gateway. Then we use masquarading on outgoing interface and voila, we are done. So we can ping from one network, to another one, in terms of masquaraded interfaces in one machine. But - what if I don't want to use masquarading?

Let's say I have ether1=10.0.0.1, ether2=10.0.1.1 .... no nat/masquarading, and I want to be able to access (ping) from one network to another one. How to do it properly?

I know it is simple, but when I have more interfaces, masquarading etc., I tried to add some routes, but router either screamed such route is not possible to add, or simply appeared as red entry, dunno what it means ...

OK, that's all for now, thanks a lot :-)
cheers,
-pekr-
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1734
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Mon Feb 27, 2006 8:47 am

If you are talking about setup:

one network <-router-> second network

You just need to set up a default route on the all PC on the both networks.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Mon Feb 27, 2006 12:33 pm

Hmm, let's just not compliate set-up with more routers this time :-)

I have one router, with

eth1 - local1 - 10.0.0.1
eth2 - local2 - 10.0.1.1
eth3 - public - 10.5.1.1

now the simples thing of how to ping from local1 to local2 is to use masquarading on outgoing interface = eth3 = public. It simply pings. But let's forget masquarading. I would like to know simple routes which need to be added to ping from local1 to local2 and vice versa.

btw - what does it mean, when your static route you add is displayed in red-color in WinBox? Is it invalid?

Thanks,
Petr
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1734
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Mon Feb 27, 2006 1:01 pm

For clients behind eth1 gateway is 10.0.0.1
For clients behind eth2 gateway is 10.0.1.1

And both networks are routed together! Thats all!

Red route - invalid route, router can't find gateway address in nearby networks
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Mon Feb 27, 2006 1:23 pm

OK - red route rule - clear to me now ....

I will try with using gateways then:-) I just thought that some kind of defining destination and preferred source will be involved to have local1 and local2 accessible to each other.

I will try some experiments with routing and NATting once I get next RB, as currently we have them all installed and don't want to mess with running network set-up :-)

cheers,
Petr
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Tue Feb 28, 2006 9:04 am

I just tried this morning to play with routes, and I really must be dumb or what, but I can't easily ping from one network to the other:

Let's assume:

PC: 10.0.0.88, connected to switch, whole network via Ovislink 2.4 connected MT router (10.0.0.254 set as a gw on pc):

MT router:
wlan1, wlan2 - bridged, IP 10.0.0.254
wlan3 5GHZ AP to allow other network nodes to connect, it has 10.0.5.1 IP

Now - from my PC (10.0.0.88 ) I can ping my gw (wlan1, wlan2 bridge 10.0.0.254), I can ping wlan3 (10.0.5.1). But - I wanted to ping to 10.0.5.2 5GHz client, which is our first remote location MT node, which we connected to our main MT router. I succesfully can ping 10.0.5.2 from MT router directly, but not from PC.

I tried to add static route as follows:

dst-address=10.0.5.0/24
gateway=10.0.0.254

(plus I tried various other ways by using pref-source parameter), but I was not able to achieve the state, where I coudl ping from my PC to 10.0.5.2 remote MT. I also searched on internet, read docs, but the most stupid thing I want to achieve I can't find anywhere ;-)

PS: I already ordered book on routing as this thing really bothers me :-)

Petr
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1734
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Tue Feb 28, 2006 10:16 am

Remote router don't know where your PC are - i think if you will try to ping your PC from thar remote router you eill get "no route to host"

Place a correct route to the remote router!
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Tue Feb 28, 2006 11:42 am

Remote router don't know where your PC are - i think if you will try to ping your PC from thar remote router you eill get "no route to host"

Place a correct route to the remote router!
Ah, so finally we are very near. I know I have to place correct route, I just don't know why! That was the point of my posts from the very beginning. Please, write the route in accordance to above scenario for me :-) ...

Thanks,
-pekr-
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Feb 28, 2006 11:50 am

Every device/ip address not in your own subnet cannot reach you directly, but has to get there by routing.
As long as you do not configure a route telling the 10.0.5.2 machine the it can reach your network 10.0.0.0/24 by going over your AP (i.e. by using the gateway with ip address 10.0.5.1 as next hop), the 10.0.5.2 has no way to tell how it should get ip packets through to you (that would be the ping replies in that case).

If the 10.0.5.2 would have a default route to 10.0.5.1 it should work, too - as the default route is just that: a default route over which all pakets are sent that are not for recepients in the own local subnet and for which no more specific route has been configured on the sending machine.

So to reach your goal, you have to set either a default route to 10.0.5.1 on the 10.0.5.2 machine, or configure a route to 10.0.0.0/24 over 10.0.5.1 on it. How to do that depends on the operating system that's running on the 10.0.5.2...

Does that help?

Best regards,
Christian Meis
 
GJS
Member
Member
Posts: 418
Joined: Sat May 29, 2004 4:07 pm
Location: London

Tue Feb 28, 2006 12:09 pm

Personally, I think using a default route to reach a *specific* network is a rather confusing concept. Try using a default route only when you want to reach a network which you know nothing about. e.g. a host on the Internet. Then use static routes to reach a network that you do know about e.g. one that you have directly or indirectly connected to your router. For directly connected networks, MT automatically creates routing information and marks it with a D in the routing table. For example, when you add an address of 10.0.0.1/24 to eth1, MT automatically adds a routing table entry to say that any packet with a destination address of 10.0.0.1 to 10.0.0.255 should be sent out of the eth1 interface. With a default route you are giving the router the name of a *host* to send packets to when it does not have any other information for the destination address of the packet. For example, say we have another router with an address of 10.0.1.1/24 connected to the MT eth2 interface which we know can reach the internet, we set our default route to 10.0.1.1 and then a packet with any destination address other than 10.0.0.0/24 or 10.0.1.0/24 gets sent to 10.0.1.1. via eth2.

Hope that helps.
 
User avatar
mag
Member
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

Tue Feb 28, 2006 12:28 pm

(sorry for posting, just a mistake)
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Tue Feb 28, 2006 1:57 pm

Every device/ip address not in your own subnet cannot reach you directly, but has to get there by routing.
As long as you do not configure a route telling the 10.0.5.2 machine the it can reach your network 10.0.0.0/24 by going over your AP (i.e. by using the gateway with ip address 10.0.5.1 as next hop), the 10.0.5.2 has no way to tell how it should get ip packets through to you (that would be the ping replies in that case).

If the 10.0.5.2 would have a default route to 10.0.5.1 it should work, too - as the default route is just that: a default route over which all pakets are sent that are not for recepients in the own local subnet and for which no more specific route has been configured on the sending machine.

So to reach your goal, you have to set either a default route to 10.0.5.1 on the 10.0.5.2 machine, or configure a route to 10.0.0.0/24 over 10.0.5.1 on it. How to do that depends on the operating system that's running on the 10.0.5.2...

Does that help?

Best regards,
Christian Meis
yes, that does help a bit. All our machines OS is just MT. So I need reverse aproach - I want 10.0.0.0/24 clients, which go via 10.0.0.254 (MT wlan1 interface), to be able to ping 10.0.5.2 on remote MT box, which is connected to our machine to 10.0.5.1 wlan2 interface

MT-remote-node[wlan-remote-cl(10.0.5.2)] <---> MT-main-router[wlan2-AP (10.0.5.1), wlan1-AP(10.0.0.254)] <---> [PC clients(10.0.0.x, gw set to 10.0.0.254) - ping 10.0.5.2 here ... I can ping only to 10.0.5.1, but not further]

I hope that now I am close to define static route :-) I tried to define it as:

destination=10.0.5.0/24, gateway=10.0.0.254, it was accepted, had S mark to it, was in blue colour, but interface was shown as unknown. The gateway 10.0.0.254 is in fact bridge of two 2.4 wlan radios.

Petr
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Feb 28, 2006 3:50 pm

Petr,

even to be able to ping from 10.0.0.0/24 clients to 10.0.5.2 you also need a route on 10.0.5.2 to route back to the 10.0.0.0/24 network - the reply packets have to know how to get back to you pinging machine!

But you're really close now ;-)

Best regards,
Christian Meis
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Tue Feb 28, 2006 4:53 pm

Petr,

even to be able to ping from 10.0.0.0/24 clients to 10.0.5.2 you also need a route on 10.0.5.2 to route back to the 10.0.0.0/24 network - the reply packets have to know how to get back to you pinging machine!

But you're really close now ;-)

Best regards,
Christian Meis
;-) ah, well. It is just that on the remote machine (10.0.5.2), there is the default route (GW) set to 10.0.5.1, so the packet should get back to 10.0.5.1 at least ...

OK, so I will try (ignore syntax for now, not working in console so much :-) :

on MT-main-router-box:
/ip route add dst-address=10.0.5.0/24 gateway=10.0.0.254

on MT-remote-node-box:
/ip route add dst-address=10.0.0.0/24 gateway=10.0.0.5.1 (or 10.0.0.5.2?) :-)

? :-)

btw - what is preferred source field good for?

-pekr-

Who is online

Users browsing this forum: domon, Egert143, hatred, theonemikrotik and 114 guests