Building a routed network

Posted: Fri Jan 28, 2005 10:37 pm
by sligbot
Hi everyone,
So I'm working on building an internal routed network and can just about get the thing going, save for 1 problem: I can't ping my default gateway. I'll lay out what I've done and look for suggestions as to the solution (I'm sure it's simple and I'm just missing something obvious)...

I've laid out the more technical details below but a short synopsis is as follows. I'm trying to set up a routed network whereby my PC (connected to my "station" device -- one wireless and one ethernet port) can communicate with my default gateway. For instance:
PC -- Station -- AP -- Soho router
I've used internet IPs completely but swapped between the 192.168.0.0 world and the 10.0.0.0 world. I use 10.x.x.1 and 10.x.x.x to connect my AP to my station, and have successfully routed a 192.168.x.x IP from the PC, over the routed network to the edge IP of the AP (another 192.168.x.x IP). However, I'm unable to ping the Soho router with the PC, although I can ping it from both the station and the AP. Here are the details:

PC
IP Address: 192.168.0.90/24
Default Gateway: 192.168.0.1

Default Gateway (soho router)
192.168.0.1
(connected to internet)

Mikrotik Components
Access Point (running Atheros 5GHz)
IP Address Info
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.0.0.1/24 10.0.0.0 10.0.0.255 wlan1
1 192.168.0.193/24 192.168.0.192 192.168.0.223 ether1

Routing Details
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/24 r 10.0.0.1 wlan1
1 A C 10.0.0.0/24
2 A S 192.168.0.192/27 r 10.0.0.4 0 wlan1
3 A C 192.168.0.0/24 ether1
4 A S 0.0.0.0/0 r 192.168.0.1 0 ether1

NAT Details
0 chain=srcnat out-interface=ether1 src-address=10.0.0.0/24
action=masquerade


Mikrotik Station
IP Address
# ADDRESS NETWORK BROADCAST INTERFACE
0 D 10.0.0.4/24 10.0.0.0 10.0.0.255 wlan1
1 192.168.0.201/30 192.168.0.200 192.168.0.203 ether1

Routing Info
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 A C 10.0.0.0/24 wlan1
1 A C 192.168.0.200/30 ether1
2 A S 192.168.0.192/27 r 10.0.0.1 wlan1
3 A S 192.168.0.0/24 r 10.0.0.1 wlan1
4 A S 0.0.0.0/0 r 10.0.0.1 wlan1

NAT
0 chain=srcnat in-interface=ether1 dst-address=10.0.0.0/24 action=masquerade

PC (connected to ether1 of station)
IP Address: 192.168.0.202/30
Default GW: 192.168.0.201

I've tried packet sniffing to see if something obvious comes up but the data is sent out to my router, it just doesn't come back (seen by monitoring ether 1). Somehow, I think the data's being looped when it gets to the router but I'm at my wits' end as to how I can fix this.
Any suggestions?
Thanks!

Posted: Mon Jan 31, 2005 1:47 pm
by YazzY
You've definitely messed up your routing.
First of all your PC and your Station are on totally different networks.
Check the mask, they are not on the same nets.
Then this:
192.168.0.193/24 192.168.0.192 192.168.0.223
Mask and broadcast don't match...
I think you need to edit your message and check the values again.
You either mistyped them here or on your boxes.
You see, nothing here makes sense...
And take a look at OSPF, dynamic routing will make things way easier for you.

Posted: Mon Jan 31, 2005 5:08 pm
by sligbot
Whoops, sorry for the mess-up...
I've been working on things so long that my mind was turning to jelly...
Anyways, here's the correction:

The PC should have been:
IP address: 192.168.0.202
Subnet mask: 255.255.255.252
Default GW: 192.168.0.201

This hooks up to the station via the same subnet:
IP address: 192.168.0.201
Subnet mask: 255.255.255.252
IP address (wlan1): 10.0.0.4/24
Default GW: 10.0.0.1

Which is then hooked up to the AP wirelessly
IP: 10.0.0.1/24 (wlan1)
IP: 192.168.0.193/24
Default GW: 192.168.0.1

Soho router: 192.168.0.1/24
PC-1: 192.168.0.90/24

The data should flow:
192.168.0.90 -> 192.168.0.1 -> 192.168.0.193 (NAT) 10.0.0.1 -> 10.0.0.4 (NAT) -> 192.168.0.201 -> 192.168.0.202

I'm going to also look at OSPF but if you see anything else that might help here, it'd be greatly appreciated.
Thanks!

Posted: Thu Feb 03, 2005 4:27 pm
by sligbot
Ok, so here's the update...
I got frustrated with trying to get this to work in MikroTik so I tried to see if it would work using other OSes. Using *OS, I got the entire thing to work, exactly as I outlined here without any problems. I want to use MikroTik and I think it's just some kind of problem wrt the settings I've put in but the logic seems to be quite solid.
Again, any specific insight as to how I can tackle this problem would be greatly appreciated.
Thanks,

Posted: Mon Feb 07, 2005 5:49 pm
by Erik Heath
Just from a manageability standpoint, wouldn't it be easier to designate one of your 192.168.x.x networks as 192.168.1.x and the other as 192.168.0.x? Looking at your router config in the original post, it appears that you were using VLSM to differentiate between the two networks. While this is good and fine and will work, it can be a headache to configure, and can lead to routing problems. I would suggest that you do yourself a favor and designate one side as the .1.x net and the other as the .0.x net.

Of course, YMMV

Results would be PC(192.168.1.100) -- station(192.168.1.1)(10.current) -- AP(10.current)(192.168.0.193) -- SoHo(192.168.0.1)
all using 24 bit subnet masks (255.255.255.0)

Please let me know if this works.

Posted: Tue Feb 08, 2005 5:32 am
by Freman
I'm sorry, but... is there any real reason why you're routing across the wireless link when you can bridge across it?

No need for natting or anything of the sort, I mean... from where I'm sitting that's what it looks like you're trying to do.

/interface bridge add
/interface bridge port print
/interface bridge port set wlan1,ether1 bridge=bridge1

You can even put an IP on your bridge.


The flaw in your thinking is your network
The data should flow:
192.168.0.90 -> 192.168.0.1 -> 192.168.0.193 (NAT) 10.0.0.1 -> 10.0.0.4 (NAT) -> 192.168.0.201 -> 192.168.0.202
If all those 192.168.0 addresses are /24 then your 192.168.0.90 will NEVER think to ask 192.168.0.1 or 192.168.0.193 because it will assume that 192.168.0.201 or 202 are on the same network segment.

The bridge should resolve that for you.
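
Added illustration, not part of any post in the thread: a Python check (standard `ipaddress` module only) of the two addressing points raised above, the mask/broadcast mismatch on the AP's ether1 row and a /24 host treating 192.168.0.202 as on-link. The function names are hypothetical; the addresses and the AP route table are copied from the original post.

```python
import ipaddress

def check_row(address, network, broadcast):
    """Return (consistent, prefix_len_that_fits) for one 'ip address print' row."""
    iface = ipaddress.ip_interface(address)

    def fits(net):
        return (str(net.network_address), str(net.broadcast_address)) == (network, broadcast)

    # Which prefix length would make the printed NETWORK/BROADCAST columns true?
    fitting = [p for p in range(8, 31)
               if fits(ipaddress.ip_interface(f"{iface.ip}/{p}").network)]
    return fits(iface.network), (fitting[0] if fitting else None)

def on_link(host, dest):
    """True if `host` (ip/prefix) ARPs for `dest` directly instead of using a gateway."""
    return ipaddress.ip_address(dest) in ipaddress.ip_interface(host).network

def best_route(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None if nothing matches."""
    d = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def overlaps(prefixes):
    """All pairs of configured prefixes that share address space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

# AP routing table as posted in the first message ("connected" labels are ours).
AP_ROUTES = [
    ("0.0.0.0/24", "10.0.0.1"),
    ("10.0.0.0/24", "connected"),
    ("192.168.0.192/27", "10.0.0.4"),
    ("192.168.0.0/24", "connected ether1"),
    ("0.0.0.0/0", "192.168.0.1"),
]

if __name__ == "__main__":
    # AP ether1 row: printed columns only agree with a /27, not the /24 shown.
    print(check_row("192.168.0.193/24", "192.168.0.192", "192.168.0.223"))
    # A /24 host on the SOHO LAN never hands 192.168.0.202 to a gateway.
    print(on_link("192.168.0.90/24", "192.168.0.202"))
    # The AP itself would forward it correctly via the more specific /27.
    print(best_route(AP_ROUTES, "192.168.0.202"))
    print(overlaps(["192.168.0.0/24", "192.168.0.192/27", "192.168.0.200/30"]))
```

The AP's own table forwards 192.168.0.202 toward the station, but any device numbered in 192.168.0.0/24 on the SOHO LAN considers that address local and ARPs for it on its own segment.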

Posted: Tue Feb 08, 2005 11:58 pm
by sligbot
Well, I got it working :)
The problem was not my logic or syntaxes or anything like that. Rather, it was the fact that I had an interrupt problem with my wireless card and my ethernet card. Resolved that and the system worked like a charm.
Just FYI, this is a pretty useful setup because, unlike the bridge setup, you can route anything to anywhere using this kind of setup -- that is, you can use supernetting properly and thus reduce overhead and looping.
Thanks for the suggestions!