 dwilson805 Premium join:2005-07-22 Hanceville, AL
·RoadRunner Cable
| mikrotik and Verizon FIOS
We are having a strange problem with Mikrotik connecting to Verizon FIOS. We have been using residential FIOS at one location while we got the radios up and running, and have now switched to business FIOS. As part of this changeover, we are taking Verizon's router out of the path and connecting a Mikrotik router directly to the Verizon demarc, as suggested by Verizon (since their router insists on NATting, which is not what we want).
We have an ethernet cable connected to the Verizon network interface outside the building. If we connect that ethernet cable to the broadband ethernet connection on the back of the FIOS router, and configure the FIOS router with the new static IP, etc., the router connects to the internet and we can browse just fine.
If we connect the Mikrotik's WAN port (ether3) to the FIOS router and set the Mikrotik up as a DHCP client, it gets an IP address and is able to connect to the internet just fine (via the FIOS router), so we know the Mikrotik's ethernet port is working fine also.
If we connect the WAN ethernet cable to a stupid Linksys router and configure that router, again we can connect to the internet and browse.
However, when we connect the WAN cable to our Mikrotik's ether3 port, and configure the Mikrotik with static IP, etc., we can't ping the gateway. Monitoring the traffic shows outbound ARP requests but nothing coming inbound at all. We've looked at the firewall rules, and for now have put "accept everything from everywhere" rules as the first rules for all chains, just to ensure that we aren't dropping traffic due to incorrect firewall rules. Just for grins, we also tried spoofing the FIOS router's MAC address, even though we didn't have to do that with the Linksys router.
At this point, I'm stumped. If I could see ARP responses coming back but being ignored, I'd think we have a firewall rule incorrect, but I don't even see the ARP responses. Incidentally, we have other Mikrotik routers connected to the internet just fine, albeit not using Verizon FIOS - the others are connected to Time Warner, DSL Extreme, and WindJammer.
Anyone have any ideas?
Thanks in advance for your help! |
|
 delmarvawifi
join:2008-07-15 | Not touching this with a ten foot pole. |
|
 dwilson805 Premium join:2005-07-22 Hanceville, AL | reply to dwilson805 May I ask why not? Something badly wrong about what we are trying to do? |
|
 dwilson805 Premium join:2005-07-22 Hanceville, AL
·RoadRunner Cable
| reply to dwilson805 It occurs to me that perhaps you have misunderstood the situation. We are not trying to bypass Verizon's equipment in any way. What we expected Verizon to provide, initially, was a router programmed to pass the public static IPs that we ordered through to our Mikrotik so that we could manage them from there. According to my buddy, who is actually onsite (I am 2000 miles away), the Verizon techs he worked with claim they can't do that - that the router they provided will always NAT. So the Verizon engineers suggested that rather than feed the internet into the building using a coax cable into their router, they could program their network interface to split the internet service out to an ethernet jack, and that we should connect our Mikrotik router up to that. Everything that has been done at the site has been under Verizon's direction and with their assistance.
So at this point, our problem is simply one of getting the Mikrotik configured properly, and I am certain we have just overlooked something stupid. All I was hoping for by posting here was that some Mikrotik expert would say "hey dummy, did you check xxxxx?"
Anyway, thanks for your time.
Dan. |
|
  dlisman Premium join:2006-06-08 Winfield, AL | reply to dwilson805 Off the top of my head, I'm not sure what your problem might be. If you would like me to assist you, send me a message or email. |
|
 PSWired
join:2006-03-26 Edgewater, MD
| reply to dwilson805 You need to release the IP address from the FIOS router before issuing a new DHCP request from the Mikrotik router. Log into the Actiontec router and go to the ethernet WAN connection properties, and press the release IP button. Once that is done, Verizon's DHCP servers will issue the address to your new router. |
|
 PSWired
join:2006-03-26 Edgewater, MD
| Maybe I should read the question before answering. If you can connect a linksys router directly to the Ethernet connection from the ONT, configure your static IP address, and everything works fine, then I'd next make sure that ethernet autonegotiation is working properly between the ONT and your Mikrotik router. |
|
 dwilson805 Premium join:2005-07-22 Hanceville, AL
·RoadRunner Cable
| said by PSWired: If you can connect a linksys router directly to the Ethernet connection from the ONT, configure your static IP address, and everything works fine, then I'd next make sure that ethernet autonegotiation is working properly between the ONT and your Mikrotik router.
I will have him disable auto-negotiation on the Mikrotik and force the ethernet to 100mbit full-duplex. We did check that yesterday, and the mikrotik said it had successfully synced at 100Mb full, but don't know what the ONT side showed. Thanks! |
|
 dwilson805 Premium join:2005-07-22 Hanceville, AL
·RoadRunner Cable
| reply to dlisman said by dlisman: Off the top of my head, I'm not sure what your problem might be. If you would like me to assist you, send me a message or email.
dlisman, thanks so much for the offer. I will make sure we have exhausted the other ideas here, and that we are ready to test before I try pulling you or anyone else in for consultation.
I'm also going to have my buddy upgrade the mikrotik from 3.20 to 3.30. I didn't see anything in the release notes related to this problem, but 3.20 is fairly old. |
|
  viperm Carpe Diem Premium join:2002-07-09 Winchester, CA
| reply to dwilson805 Okay, so you're saying you try and put in a static IP on your Mikrotik and it will not pass traffic? Can you put the same IP on the Linksys and have it work static?
If it does work on the Linksys, then what are you using for the gateway IP on the Linksys? Are you using that same gateway IP on the Mikrotik under the ip/routes section?
Keep in mind when doing DHCP on any router it automatically assigns an IP, subnet and a route for the gateway.
On the Mikrotik you have to do that manually, just like on the Linksys you have to put something in for the gateway on the WAN port.
Is the DHCP IP you are getting in the same subnet as your static IP or are they totally different?
If this does not work it sounds like a possible routing or ARP issue on Verizon's network, i.e. the MAC address of your WAN port 3 on the Mikrotik is still in their DHCP ARP table. Disconnect your WAN port 3 from their device, then have them flush the ARP tables, then put in your static IP, reconnect to Verizon's network and try again.
We see this all the time with Cox cable connections when customers switch from DHCP to static etc. -- ComTrain Certified Tower Climber. American Tower Certified approved contractor. Wireless consultants. |
|
 delmarvawifi
join:2008-07-15 | reply to dwilson805 Since you asked, I didn't want to comment on this as I question the legality of what you're doing. |
|
 iansltx
join:2007-02-19 Golden, CO
·Comcast
·Qwest.net
·magicjack.com
·BeeCreek Communica..
·Sprint Mobile Broa..
| Legality = against ToS to resell FiOS, or something else?
It's perfectly legit/legal to plug in a non-Verizon router into the FiOS ONT, with the ONT acting just like a cable modem would on a business cable system.
Or maybe I'm missing something here... |
|
  kewlkeed Grouch Premium join:2005-02-05 Knowlton, QC
| reply to dwilson805 This may come across as being downright stupid...
But have you put in the default gateway on the MT? Can program all you like for addresses and subnets etc... but if you don't have a default route (0.0.0.0/0) then you ain't going anywhere. Also have you programmed in DNS? These two things program themselves automatically by default when you do a DHCP client, but not when you're doing static.
By default the MT also accepts everything, so there's no need for accept all in the firewall. I would clear everything you have set up in the firewalls for now just to get yourself live without tripping over something you've done already. By default with nothing in the firewalls (Except a src nat masquerade rule, if you need it) it will pass everything just fine. -- Justin - DSLR resident grouch and Mr Negativity TSI Fanboy - "Dontchya wish your 'net was hot like mine! Ohhh Dontchya!" Have a nice day! |
|
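Added example, not part of any post in this thread: a small Python check covering the points viperm and kewlkeed raise about static WAN setups (default route present, gateway on the WAN subnet, DNS entered, static subnet compared with the earlier DHCP lease). The function name and all addresses are constructed for illustration, using documentation ranges.

```python
import ipaddress

def check_static_wan(address, gateway=None, dns=(), dhcp_lease=None):
    """Return a list of findings for a hand-entered static WAN config.

    address    -- interface address with prefix, e.g. "203.0.113.10/29"
    gateway    -- default-route next hop, or None if none was entered
    dns        -- iterable of resolver addresses
    dhcp_lease -- optional address/prefix previously obtained via DHCP
    (Hypothetical helper; all sample values are constructed.)
    """
    findings = []
    iface = ipaddress.ip_interface(address)
    net = iface.network

    # Network/broadcast addresses are unusable on ordinary subnets
    # (the rule does not apply to /31 and /32).
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        findings.append("address is the network or broadcast address")

    # DHCP installs a default route automatically; static config does not.
    if gateway is None:
        findings.append("no default route (0.0.0.0/0) configured")
    else:
        gw = ipaddress.ip_address(gateway)
        if gw == iface.ip:
            findings.append("gateway is the router's own address")
        elif gw not in net:
            findings.append("gateway is not on the WAN subnet")

    # DHCP also supplies resolvers; static config needs them entered.
    if not list(dns):
        findings.append("no DNS servers configured")

    # viperm's question: is the static block in the same subnet as the
    # address DHCP handed out on the same port?
    if dhcp_lease is not None:
        if ipaddress.ip_interface(dhcp_lease).network != net:
            findings.append("static subnet differs from the DHCP lease subnet")

    return findings

if __name__ == "__main__":
    print(check_static_wan("203.0.113.10/29", "203.0.113.9", ["192.0.2.53"]))
    print(check_static_wan("203.0.113.10/29"))
```

An empty list means the hand-entered values are internally consistent, which points the search toward the link or the provider side (autonegotiation, a stale ARP entry) as other posters suggest.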
 delmarvawifi
join:2008-07-15
| reply to dwilson805 "Legality = against ToS to resell FiOS"
Yep and I want no parts. This article struck a little too close to home (literally - I'm within 30 miles of this guy)
»Comcast Sues Maryland WISP for Bandwidth Theft |
|
  battleop
join:2005-09-28 00000 | That guy didn't do anything illegal. It's hardly theft of bandwidth, though it is a violation of a contract and is therefore a civil matter. |
|
 delmarvawifi
join:2008-07-15 | reply to dwilson805 That's all fine and good. However, do you want to be sitting in the crosshairs of Comcast or Verizon in Federal Court? I know I don't. |
|
  beachintech There's sand in my tool bag Premium join:2008-01-06 The Beach,US clubs:
·Mediacom
| reply to battleop said by battleop: That guy didn't do anything illegal. It's hardly theft of bandwidth, though it is a violation of a contract and is therefore a civil matter.
Actually he did - but it was more to his method of installation\tampering\break in and such. I can't say any more specifics. I would not want to be mixed up with him or anything he was doing. -- Tech at the Beach. I speak for myself, not my employer. |
|
  battleop
join:2005-09-28 00000 | Sounds like he was hacking the cable modems to gain access to a speed he was not paying for. If that's the case, that's completely different than buying residential service and reselling it. |
|
 delmarvawifi
join:2008-07-15 | reply to dwilson805 Interesting details I was not aware of. |
|
  kewlkeed Grouch Premium join:2005-02-05 Knowlton, QC
| reply to dwilson805 I give technical help where it's needed. I don't personally care what someone does with it, nor do I take any accusations at face value (Especially when I haven't seen a shred of them).
Either way, a pen can be useful, or it can be lethal. It's a tool and used in the right way it can be good, used in the wrong and... well we know the answer. Same goes for something technical. I give help, but I don't particularly care what someone does with it. -- Justin - DSLR resident grouch and Mr Negativity TSI Fanboy - "Dontchya wish your 'net was hot like mine! Ohhh Dontchya!" Have a nice day! |
|