Dear all,
I have this routing problem, but I don't know exactly where the problem is, so I will try to paste my network configuration here to provide the big picture.
As you are about to see from the configuration below, it's a mess, because I am a newbie in networking stuff.
Any help will be very much appreciated.
I have a 3-site network with a configuration like this.
Site A has a router with 3 interfaces
- Interface #1 to 192.168.0.0/24
- Interface #2 to 192.168.7.0/24
- Interface #3 to 192.168.28.1 (wireless p2p radio)
Radio (192.168.28.1) is bridged to Site B radio (192.168.28.2)
The configuration on Site A’s router is like this
AddressList
---------------------------------------------------------------------
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.254/24 192.168.0.0 192.168.0.255 local
1 192.168.28.3/24 192.168.28.0 192.168.28.255 toSiteB
2 192.168.7.254/24 192.168.7.0 192.168.7.255 toSiteA1
3 138.57.7.254/24 138.57.7.0 138.57.7.255 toSiteB
Route List
---------------------------------------------------------------------------------
# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 ADC 138.57.7.0/24 138.57.7.254 toSiteB
1 ADC 192.168.0.0/24 192.168.0.254 local
2 ADC 192.168.7.0/24 192.168.7.254 toSiteA1
3 ADC 192.168.28.0/24 192.168.28.3 toSideB
4 A S 0.0.0.0/0 r 192.168.28.254 toSideB
Site B has a router with 4 interfaces
- Interface #1 to 192.168.100.0/24
- Interface #2 to 192.168.3.0/24 (this is my Internet/Public Network)
- Interface #3 to 192.168.1.0/24
- Interface #4 to a switch:
  - 192.168.28.0/24 interface to radio to site A
    Radio (192.168.28.2) is bridged to Site A radio (192.168.28.1)
  - 192.168.29.0/24 interface to radio to site C
    Radio (192.168.29.1) is bridged to Site C radio (192.168.28.2)
The configuration on Site A’s router is like this
AddressList
---------------------------------------------------------------------
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.2.8/24 192.168.2.0 192.168.2.255 internet
1 192.168.100.3/24 192.168.100.0 192.168.100.255 local
2 192.168.3.3/24 192.168.3.0 192.168.3.255 internet
3 192.168.3.30/24 192.168.3.0 192.168.3.255 internet
4 192.168.3.5/24 192.168.3.0 192.168.3.255 internet
5 192.168.3.6/24 192.168.3.0 192.168.3.255 internet
6 192.168.3.7/24 192.168.3.0 192.168.3.255 internet
7 192.168.3.8/24 192.168.3.0 192.168.3.255 internet
8 192.168.1.254/24 192.168.1.0 192.168.1.255 toSiteA1
9 192.168.28.254/24 192.168.28.0 192.168.28.255 switch
10 192.168.29.254/24 192.168.29.0 192.168.29.255 switch
11 92.168.10.254/24 192.168.10.0 192.168.10.255 local
Route List
---------------------------------------------------------------------------------
# DST-ADDRESS PREFSRC G GATEWAY DISTANCE INTERFACE
0 A S 192.168.0.0/24 r 192.168.28.3 switch
1 ADC 192.168.1.0/24 192.168.1.254 toSiteA1
2 ADC 192.168.2.0/24 192.168.2.8 internet
3 ADC 192.168.3.0/24 192.168.3.8 internet
4 A S 192.168.7.0/24 r 192.168.28.3 switch
5 ADC 192.168.10.0/24 192.168.10.254 local
6 ADC 192.168.28.0/24 192.168.28.254 switch
7 ADC 192.168.29.0/24 192.168.29.254 switch
8 ADC 192.168.100.0/24 192.168.100.3 local
9 A S 0.0.0.0/0 r 192.168.3.1 internet
Site A and Site B share the same Internet Connection Sharing, and each has its own RouterOS. But Site C has its own Internet connection and does not have a RouterOS (Site C uses MikroTik's built-in router).
Site C has 3 networks plugged into a switch:
- Network #1 192.168.29.2/32 (wireless p2p radio bridged to 192.168.29.1 at Site B)
- Network #2 192.168.1.254/32 (ADSL Modem)
- Network #3 138.57.7.9/24 (Local LAN)
The configuration on Site C’s radio built-in router is like this
AddressList
---------------------------------------------------------------------
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.29.2/24 192.168.29.0 192.168.29.255 bridge1
1 138.57.7.254/24 138.57.7.0 138.57.7.255 ether1
2 192.168.1.253/24 192.168.1.0 192.168.1.255 ether1
Route List
---------------------------------------------------------------------
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 138.57.7.0/24 138.57.7.254 bridge1
1 ADC 192.168.1.0/24 192.168.1.253 bridge1
2 A S 192.168.7.0/24 r 192.168.29.254 bridge1
3 ADC 192.168.29.0/24 192.168.29.2 bridge1
4 A S 0.0.0.0/0 r 192.168.1.254 bridge1
NAT
---------------------------------------------------------------------
0 chain=srcnat src-address=138.57.7.50 dst-address=0.0.0.0/0 action=masquerade
1 chain=srcnat src-address=138.57.7.110 dst-address=0.0.0.0/0 action=masquerade
2 chain=srcnat src-address=138.57.7.52 dst-address=0.0.0.0/0 action=masquerade
3 chain=srcnat src-address=138.57.7.44 dst-address=0.0.0.0 action=masquerade
Now the problem is, when the client in Site C is listed in the NAT (masquerade):
- it can access the internet.
- it can ping the LAN in site A1 (192.168.7.0/24)
- it can’t use any other TCP client-server application (e.g. MySQL, Remote Administrator, etc.)
But when the client in Site C is not listed in the NAT (no masquerade):
- it can’t access the internet.
- it can ping the LAN in site A1 (192.168.7.0/24)
- it can use any other TCP client-server application (e.g. MySQL, Remote Administrator, etc.)
How can I configure this so that all the clients in site C can use any other TCP client-server application (e.g. MySQL, Remote Administrator, etc.), and only selected clients in site C can use the internet?
Many thanks in advance.