i have problem with routing in my mikrotik.
eth 1— have 200.x.x.x ( internet)
eth 2 —192.168.21.1/30
eth3 — 192.168.4.0/24 ( dhcp server active) ( my local lan)
…
i have remote site with ip 172.28.63.32/27 that connect through some routers to eth2 (192.168.21.1/30)
i have a nat ( masquerade ) from may local lan to eth 1 ( internet)
routing
DST 0.0.0.0 gateway eth1
DST 192.168.21.x gateway eth2
Dst 192.168.4.0/24 gateway eth3
static route
DSt 172.28.0.0/16 gateway eth2
..
firewall rule
chain forward ..soure 192.168.4.0/24 Dst 172.28.0.0/16 action Accept
chain forward …soure 192.168.4.0/24 Dst 192.168.21.x action Accept
i can ping from router to 172.28.63.x ( inside the router) every thing is good.
i can ping to 192.168.21.1 from pc in my local lan
but i can not ping to 172.28.63.x from a pc in my local lan.
i can not reach to 192.168.21.2 from a pc in my lan
need help