OSPF, Public going to NAT
tshoemaker
02-28-2005, 09:36 AM
I have OSPF going on a test right now, I can get 3 of the OSPF routers to talk to one another using the basic OSPF commands, and that part works fine. My problem is that I cannot get out to the internet from the 2nd or 3rd OSPF router.
My test lab setup goes like this.
Internet Connection (Upstream provider, gives me a public subnet, with a gateway IP)-->OSPF Router 0.0.0.1(This one can get out fine, because I have a static route to the public gateway on our main internet connection for it in Star-OS; note that this is where NAT starts)-->OSPF Router 0.0.0.2(This one can ping the public gateway, but not beyond, and if I plug my laptop into it, and give it an IP on the inside subnet, I cannot ping the public gateway).-->OSPF Router 0.0.0.3 (Behaves the same as OSPF router 2)
Does anyone have a command that might help me get my NATed OSPF to talk out through the public gateway? I've tried the "default-information originate always" command, and that doesn't seem to help. I've tried various other ideas too, but can't seem to get it to work.
Thanks for your help!
bairdc
02-28-2005, 09:45 AM
I wonder if this is a NAT issue, and not an OSPF issue. Have you tried it with static routes in all your routers to see if it will get out?
Craig
bairdc
02-28-2005, 04:51 PM
After having re-read your post, I just noticed one more thing. You refer to your routers as 0.0.0.1, 0.0.0.2, and 0.0.0.3. This looks suspiciously like they could be what you used for your OSPF areas. If that's the case, where is your area 0 (0.0.0.0)? All areas in OSPF need to be connected to area 0.0.0.0.
Craig
tshoemaker
02-28-2005, 07:38 PM
The 0.0.0.1, 0.0.0.2, and 0.0.0.3 are my ospf router-id's. I've included them all in area 0. Perhaps I do need to put in a 0.0.0.0 to start from. I specified "area 0" next to all of my subnets. Is there a part of the ospf router-id that specifies which area it is in? Thanks for the help!
bairdc
02-28-2005, 08:44 PM
No. If you have all your interfaces in area 0, it should be fine. What about my first question above, regarding trying it with static routes. Have you tried that yet?
Craig
lonnie
02-28-2005, 09:43 PM
What does your nat statement look like? I agree with bairdc this is likely a nat issue.
oscarBravo
03-01-2005, 04:51 AM
If you could post the output from the command "show ip ospf routes" on the second or third router, it would help to determine whether it's an OSPF or a NAT issue.
I notice you say you've a static route to the Internet - the command "default-information originate" will only propagate a default route, not a static route.
tshoemaker
03-01-2005, 01:11 PM
Here you go guys. The internet connection comes in (for test purposes) on a DSL line we don't use anymore. I changed the first 3 octets of the Public IP's to "55.55.55" since this is being posted to a list, but haven't altered anything else. Thanks for your help!
DSL-->Router1-->Router2-->Laptop
DSL
IP 55.55.55.145/29
Router1
ospfd# show run
Current configuration:
!
hostname ospfd
password 1234
!
!
!
interface eth0
!
interface lo
!
interface eth1
!
interface tunl0
!
interface gre0
!
interface ecb
!
interface ipacct
!
interface wlanbr
!
interface eth2
ip ospf network non-broadcast
!
interface cbq
!
router ospf
ospf router-id 0.0.0.1
redistribute kernel
redistribute connected
redistribute rip
redistribute bgp
network 192.168.30.0/24 area 0
neighbor 55.55.55.145
neighbor 192.168.30.2
default-information originate
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
access-class vtylist
!
end
ospfd# show ip ospf route
============ OSPF network routing table ============
N 192.168.30.0/24 [10] area: 0.0.0.0
directly attached to eth1
============ OSPF router routing table =============
============ OSPF external routing table ===========
Router2
ospfd# show run
Current configuration:
!
hostname ospfd
password 1234
!
!
!
interface eth0
!
interface lo
!
interface eth1
ip ospf network non-broadcast
!
interface tunl0
!
interface gre0
!
interface ecb
!
interface ipacct
!
interface wlanbr
!
interface cbq
!
interface eth2
ip ospf network non-broadcast
!
router ospf
ospf router-id 0.0.0.2
redistribute kernel
redistribute connected
redistribute rip
redistribute bgp
network 192.168.30.0/24 area 0
network 192.168.40.0/24 area 0
neighbor 192.168.30.1
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
access-class vtylist
!
end
ospfd# show ip ospf route
============ OSPF network routing table ============
N 192.168.30.0/24 [10] area: 0.0.0.0
directly attached to eth0
N 192.168.40.0/24 [10] area: 0.0.0.0
directly attached to eth1
============ OSPF router routing table =============
============ OSPF external routing table ===========
Laptop
IP 192.168.40.10/24, GW 192.168.40.1
oscarBravo
03-01-2005, 06:34 PM
A few observations: if you're using Ethernet interfaces, you don't need non-broadcast and you don't need neighbor statements (it's possible you don't need them for wireless interfaces either). Get rid of all the redistribute statements, you don't need them and - as outlined in previous threads - some of them seem to cause serious problems.
I'm confused as to why router1 doesn't show the default route as an external route in its external routing table. Again, are you sure it's a default route and not a static route?
tshoemaker
03-01-2005, 10:21 PM
Thanks for the suggestions, I'll try them in the morning.
As far as the default route versus a static route, I have a statement on router 1, in the static routes of: network- 0.0.0.0 subnet - 0.0.0.0 and gateway - 55.55.55.145. This seems to be the only way I can get router 1 to ping out past the .145 gateway.
Would you suggest that I should take that out, and then put a static route statement into the OSPF configurations instead? If so, do you know what the command would be?
In the end result, the goal would be to load balance between two T-1's from two separate providers, thus giving redundancy. I figure if I can get this scenario to work, then I should be able to change the IP information, and move it over to the real link, then order another T-1 line, and using 3 Star-OS routers with OSPF, put one Star-OS router at each T-1, and one that all of the inside routers talk to.
The only other problem I see happening in the future, once I get this working, is that the 1:1 NAT statements in the Star-OS firewall stop working, and service to these IP's stops, when switched over to the other path. I've tried this with just one router, and found that to be part of the problem, the biggest problem though, was probably yet to be found, though I hope to accomplish this goal, so others too can gain from what I learn.
oscarBravo
03-02-2005, 02:34 AM
"As far as the default route versus a static route, I have a statement on router 1, in the static routes of: network- 0.0.0.0 subnet - 0.0.0.0 and gateway - 55.55.55.145. This seems to be the only way I can get router 1 to ping out past the .145 gateway.
"Would you suggest that I should take that out, and then put a static route statement into the OSPF configurations instead? If so, do you know what the command would be?"
No, that hasn't been necessary for the default route in our network.
"In the end result, the goal would be to load balance between two T-1's from two separate providers, thus giving redundancy. I figure if I can get this scenario to work, then I should be able to change the IP information, and move it over to the real link, then order another T-1 line, and using 3 Star-OS routers with OSPF, put one Star-OS router at each T-1, and one that all of the inside routers talk to.
"The only other problem I see happening in the future, once I get this working, is that the 1:1 NAT statements in the Star-OS firewall stop working, and service to these IP's stops, when switched over to the other path. I've tried this with just one router, and found that to be part of the problem, the biggest problem though, was probably yet to be found, though I hope to accomplish this goal, so others too can gain from what I learn."
If you're talking about having redundancy from two different providers, I think you're going to need BGP [as well as|instead of] OSPF. OSPF provides redundant routing within your network; BGP provides redundant routing between Autonomous Systems (AS), but requires that you have an AS number.
Back to your current problem: if the changes I suggested don't seem to help, post up the output of "show ip ospf neighbor".
tshoemaker
03-02-2005, 02:50 PM
Router 1
ospfd# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
0.0.0.1 1 Init/DROther 00:00:35 192.168.30.2 eth1:192.168.30.1 0 0 0
ospfd#
Router 2
ospfd# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
ospfd#
tshoemaker
03-02-2005, 03:05 PM
I've taken out the redistributes, and the non-broadcast statements, but I'm still not all the way there yet. Interestingly enough, I lost my pings from the Laptop to router 1. Then I took out the "default-information originate" statement on router 1, and I can ping it from the Laptop.
I still can't ping the gateway of 55.55.55.145 from router 2 or the Laptop.
tshoemaker
03-02-2005, 03:45 PM
I just found this in the post. I tried to make a general statement on router 1 in zebra of "ip route 0.0.0.0/0 55.55.55.145." It didn't help, but do you think that the information talked about below may have anything to do with why I cannot get out?
This one was posted by oscarBravo on 02-11-2005, 10:32 PM
"OK, between Lonnie, Brendan and myself we've got this one working.
Here's the problem: 'redistribute static' only redistributes the static routes that zebra itself is aware of. That means that the static routes have to be created in zebra using the 'ip route' command.
To do that, use the telnet client to connect to 127.0.0.1, port 2601. Enter the password and 'enable', then 'configure terminal', and 'ip route x.x.x.x/x y.y.y.y' where x.x.x.x/x is the subnet you want to route to, and y.y.y.y is the gateway address. 'write file', quit, save/activate changes.
Once you've done this, the route should show up in 'show ip ospf routes' in other OSPF-enabled routers - not in the one where you configured the route.
[edit:] You can then delete the static route from the normal static/default routes dialog - you won't be needing it."
oscarBravo
03-05-2005, 06:06 AM
Looking at your neighbor status, the problem is a total lack of communication between the routers. Looks like router 1 is aware of router 2, but not vice-versa, so no OSPF communication can take place.
Unless you have Full/DR or Full/Backup in your neighbor status, OSPF just isn't working. Can you post the running configs from both routers again so I can see where you're currently at? If you could also post the neighbor status and OSPF routes from each router, that would help, and I'll try to figure it out from there.
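[Added example, not part of any post in this thread: a small Python check that applies the "Full/DR or Full/Backup" rule above to "show ip ospf neighbor" output. The function name, the constructed healthy row and the router-id uniqueness check are assumptions added here; the Router 1 rows are the ones posted earlier in the thread.]

```python
import re

# Row layout of ospfd "show ip ospf neighbor":
# Neighbor ID  Pri  State  Dead Time  Address  Interface  RXmtL RqstL DBsmL
ROW = re.compile(
    r"^(?P<nbr_id>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+"
    r"(?P<state>[\w-]+)/(?P<role>\w+)\s+(?P<dead>[\d:.]+s?)\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<iface>\S+)"
)

def check_neighbors(output, local_router_id):
    """Return one finding dict per neighbor row in the CLI output."""
    findings = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, prompt or blank line
        n = m.groupdict()
        problems = []
        if n["state"] != "Full":
            # Rule from the thread: anything short of Full/DR or Full/Backup
            # means no adjacency, so no routes (default included) are learned.
            problems.append("state %s/%s is not Full" % (n["state"], n["role"]))
        if n["state"] == "Init":
            # Init: we receive the neighbor's hellos, but our router ID is
            # not listed in them, so the neighbor is not hearing ours.
            problems.append("one-way hellos")
        if n["nbr_id"] == local_router_id:
            # Added check, not from the thread: router IDs must be unique.
            problems.append("neighbor reuses local router-id")
        findings.append({"neighbor": n["nbr_id"], "address": n["addr"],
                         "interface": n["iface"], "problems": problems})
    return findings

# Router 1 output as posted in the thread.
ROUTER1 = """\
ospfd# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
0.0.0.1 1 Init/DROther 00:00:35 192.168.30.2 eth1:192.168.30.1 0 0 0
ospfd#
"""
# Constructed row showing a healthy adjacency, for comparison.
HEALTHY = "0.0.0.2 1 Full/Backup 00:00:38 192.168.30.2 eth1:192.168.30.1 0 0 0\n"

if __name__ == "__main__":
    for f in check_neighbors(ROUTER1 + HEALTHY, local_router_id="0.0.0.1"):
        print(f["neighbor"], f["address"], f["problems"] or "adjacency OK")
```

[On a segment with three or more routers, 2-Way/DROther between two non-designated routers is normal, so the "not Full" finding only indicates a fault on a two-router link like the one in this lab.]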
tshoemaker
03-23-2005, 06:05 PM
I backed up a bit to an earlier config, where the OSPF was working from one router to the next, but only in the private IP space. Using OSPF, or a static route I cannot get past the private IP space out to the internet from anything other than the first router. I figure it is because the first router has the gateway statement in it. If I can get past that, then I think I'm on my way.
I've tried changing the "ospf router-id" to 0.0.0.0, while putting in "default-information originate," but that doesn't seem to make a difference.
My default route in router 1, and only route listed in any of the routers "static routes" is as follows.
Network Address is 0.0.0.0
Network Mask is 0.0.0.0
Gateway Address is 55.55.55.145
I've given up on the redundancy for now. One thing at a time...
Thanks for the help!
ospfd# show run
Current configuration:
!
hostname ospfd
password 1234
!
!
!
interface eth0
!
interface lo
!
interface eth1
!
interface tunl0
!
interface gre0
!
interface ecb
!
interface ipacct
!
interface wlanbr
!
interface eth2
!
interface cbq
!
router ospf
ospf router-id 0.0.0.1
network 192.168.30.0/24 area 0
! edit by Lonnie - you should declare any networks, especially the network that has the default route
network 55.55.55.0/24 area 1
! ethernets do not require neighbor statements
!neighbor 55.55.55.145
!neighbor 192.168.30.2
default-information originate
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
access-class vtylist
!
end
ospfd# show ip ospf route
============ OSPF network routing table ============
N 192.168.30.0/24 [10] area: 0.0.0.0
directly attached to eth1
============ OSPF router routing table =============
============ OSPF external routing table ===========
ospfd# show run
Current configuration:
!
hostname ospfd
password 1234
!
!
!
interface eth0
!
interface lo
!
interface eth1
!
interface tunl0
!
interface gre0
!
interface ecb
!
interface ipacct
!
interface wlanbr
!
interface cbq
!
interface eth2
!
router ospf
ospf router-id 0.0.0.2
network 192.168.30.0/24 area 0
network 192.168.40.0/24 area 0
! not needed if this is on ethernet
!neighbor 192.168.30.1
!
access-list vtylist permit 127.0.0.1/32
access-list vtylist deny any
!
line vty
access-class vtylist
!
end
ospfd# show ip ospf route
============ OSPF network routing table ============
N 192.168.30.0/24 [10] area: 0.0.0.0
directly attached to eth0
N 192.168.40.0/24 [10] area: 0.0.0.0
directly attached to eth1
============ OSPF router routing table =============
============ OSPF external routing table ===========