Routing Issue accross multiple LANs

Arpanet · January 19, 2018, 10:00am

I cannot find a routing table that works for accessing via winbox every single host in each lan from my office network.
As you can see there are multiple NAT layers.
Below network map:

sebastia · January 19, 2018, 11:03am

Hi

which network you you have defined between

left 3011 and centre
right 3011 and centre

These routes are added automatically for you when you define the local ip. Then just access “left” & “right” 3011’s by ip’s on these networks.µ
=> that’s just for RB’s

To access the whole network:

either setup automatic routing propagation
or add static routes to all networks: you have a static network with no loops so that should be fairly straightforward

Ex
static on central 3011
“75” go left
“19” go left
“40” go left
“76” go right
“18” go right
“20” go right

similar for “left” & “right” 3011

payam124 · January 19, 2018, 11:41am

as the network is not so big, you can exclude destinations toward your OFFICE LAN from all the NATS and also write a few static route on each router for the OFFICE LAN

Arpanet · January 19, 2018, 11:59am

RB3011 FROM MY OFFICE LAN:
0 192.168.1.62/24 199.168.1.0 bridge2 -->INTERNET GATEWAY
1 192.168.15.1/24 192.168.15.0 bridge1 -->OFFICE LAN
2 192.168.19.150/24 192.168.19.0 ether3 -->RB3011 192.168.19.1
3 192.168.18.150/24 192.168.18.0 ether9 -->RB3011 192.168.18.1

ROUTES:
0 A 0.0.0.0/0 192.168.1.1 STATIC
A S DST-ADD 192.168.75.0/24 GW 192.168.19.1 STATIC
A S DST-ADD 192.168.76.0/24 GW 192.168.18.1 STATIC
ADC 192.168.15.0/24 192.168.15.1 bridge1 DYNAMIC
ADC 192.168.18.0/24 192.168.18.150 ether9 DYNAMIC
ADC 192.168.19.0/24 192.168.19.150 ether3 DYNAMIC

With this config Ican only ping devices within each lan but no winbox access.

sebastia · January 19, 2018, 1:42pm

Your central RB, is directly connected to both RB “left” & “right”. There are “connected” routes defined for them with distance 0.

You SHOULD be able to connect to them, if you can’t check firewall settings.

Arpanet · January 19, 2018, 1:43pm

no firewall enabled in each rb3011

acruhl · January 19, 2018, 1:47pm

Short answer, get rid of all the natting and run a routing protocol, then you don’t have to worry at all. It would all “just be connected”.

I’m probably missing the reason why you’re using so many nats though.

sebastia · January 19, 2018, 3:50pm

Few other things to check:

can you access winbox from other location(s) on these routers (at all)?
is the windbox service enabled? Are there any limitations on it?
has the user on these routers the right privileges?
how are you accessing it? over ip or mac? if ip, which?