
BGP Routing Issue

Hello Guys

 

I have a problem with BGP routing: if I try to ping a network that I've received from my BGP neighbor, the router sends the traffic out to the internet instead (this BGP config is not for internet access; it is for internal use between two routers).

This is my config:

 

ubnt@Ubiquiti:~$ show configuration
firewall {
    group {
        address-group PeersVPN {
            address 189.201.xxx.xxx
            description ""
        }
        network-group LAN {
            description ""
            network 172.10.10.0/24
        }
        network-group LAN2 {
            description 172.17.49.192/27
        }
        network-group RemoteLAN {
            description ""
            network 192.168.200.0/24
            network 192.168.1.0/24
            network 192.168.0.0/24
            network 192.168.2.0/25
            network 192.168.55.0/24
            network 10.0.0.0/24
            network 172.10.10.0/24
        }
    }
    modify LANtoBGPRoutes {
        rule 1 {
            action modify
            modify {
                table main
            }
            source {
                group {
                    address-group ADDRv4__eth1
                }
            }
        }
    }
    name Firewall-Iternet {
        default-action drop
        description ""
        rule 1 {
            action accept
            description "Accept Ping"
            log disable
            protocol icmp
        }
        rule 2 {
            action accept
            description AllowPeers
            log disable
            protocol all
            source {
                group {
                    address-group PeersVPN
                }
            }
        }
        rule 3 {
            action drop
            description "Drop Invalid State"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
        rule 4 {
            action drop
            description "Reject SSH"
            destination {
                group {
                    address-group NETv4_eth7
                }
                port 22
            }
            log disable
            protocol tcp_udp
        }
        rule 5 {
            action drop
            description "Reject Telnet"
            destination {
                group {
                    address-group NETv4_eth7
                }
                port 23
            }
            log disable
            protocol tcp_udp
        }
        rule 6 {
            action drop
            description "Reject Web Managment"
            destination {
                group {
                    address-group NETv4_eth7
                }
                port 5582,9478
            }
            log disable
            protocol tcp_udp
        }
        rule 7 {
            action accept
            description "Accept New"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new enable
                related enable
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address 172.10.10.254/24
        description LAN
        duplex auto
        speed auto
    }
    ethernet eth1 {
        address 172.17.49.193/27
        duplex auto
        firewall {
            in {
                modify LANtoBGPRoutes
            }
        }
        speed auto
    }
    ethernet eth2 {
        duplex auto
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        address 172.17.2.233/31
        description "BGPNetwork"
        duplex auto
        speed auto
    }
    ethernet eth7 {
        address 38.xxx.xxx.xxx/29
        description "Internet "
        duplex auto
        firewall {
            local {
                name Firewall-Iternet
            }
        }
        speed auto
    }
    loopback lo {
    }
    vti vti0 {
        address 10.255.12.2/30
        description VPN
    }
}
protocols {
    bgp 64905 {
        neighbor 172.17.2.232 {
            remote-as 30624
            soft-reconfiguration {
                inbound
            }
        }
        network 172.17.49.192/27 {
        }
    }
    ospf {
        area 0 {
            network 10.255.12.0/30
            network 172.10.10.0/24
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 38.122.209.129 {
                description "Internet Gateway"
                distance 100
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 172.10.10.0/24 {
                default-router 172.10.10.254
                dns-server xxx.xxx.xxx.45
                dns-server xxx.xxx.xxx.61
                lease 86400
                start 172.10.10.50 {
                    stop 172.10.10.200
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth0
        }
    }
    gui {
        http-port 5582
        https-port 9478
        older-ciphers enable
    }
    nat {
        rule 1 {
            description Switch1
            destination {
                port 65000
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.253
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 2 {
            description "Telnet switch1"
            destination {
                port 65001
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.253
                port 1444
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 4 {
            description "SSH Rotuer "
            destination {
                port xxxxx
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.254
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5 {
            description "WEB Router"
            destination {
                port xxxxx
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.254
                port 9478
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 6 {
            description "SSH  Server"
            destination {
                port xxxxx
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.57
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 7 {
            description "Server2"
            destination {
                port xxxxx
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.20
                port 3389
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 8 {
            description "Server3"
            destination {
                port xxxxxx
            }
            inbound-interface eth7
            inside-address {
                address 172.10.10.21
                port 3389
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 9 {
            description "Hairpin Router"
            destination {
                address 38.122.209.130
                port xxxxxxx
            }
            inbound-interface eth0
            inside-address {
                address 172.10.10.254
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 10 {
            description "Hairpin Switch1"
            destination {
                address 38.122.209.130
                port xxxxxx
            }
            inbound-interface eth0
            inside-address {
                address 172.10.10.253
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 11 {
            description "Hairpin Telnet"
            destination {
                address 38.122.209.130
                port xxxxxx
            }
            inbound-interface eth0
            inside-address {
                address 172.10.10.253
                port 1444
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 12 {
            description "Hairpin Server2"
            destination {
                address 38.122.209.130
                port xxxxxx
            }
            inbound-interface eth0
            inside-address {
                address 172.10.10.56
                port 22
            }
            log disable
            protocol tcp_udp
            type destination
        }
        rule 5000 {
            description Internet
            log disable
            outbound-interface eth7
            protocol all
            type masquerade
        }
        rule 5001 {
            description "Hairpin NAT"
            destination {
                address 172.10.10.0/24
            }
            log disable
            outbound-interface eth0
            protocol tcp_udp
            source {
                address 172.10.10.0/24
            }
            type masquerade
        }
        rule 5002 {
            description "LAN2 Network"
            log disable
            outbound-interface eth1
            protocol tcp_udp
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    host-name Ubiquiti
    login {
        user ubnt {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name ""
            level admin
        }
    }
    name-server xxx.xxx.xxx.45
    name-server xxx.xxx.xxx.61
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    package {
        repository debian {
            components main
            distribution wheezy
            password ****************
            url http://ftp.us.debian.org/debian
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Chicago
}

I hope someone can help me.

 

Thanks and Regards.