I have an rb750gl.
Port 1 is Wan
Port 2 is 192.0.0.1 with DHCP enabled
Port 3 is 192.0.1.1 with DHCP enabled
port 4 is 192.0.2.1 with DHCP enabled
Port 5 is nothing.


I need 192.0.0.16 to be able to ping/telnet into 192.0.2.5.
How the heck can I make that happen?

Are the clients on the 192.0.0.0/24 subnet receiving 192.0.0.1 as a default gateway? If so, this should work.

Also, best practice is to use RFC1918 addresses for internal use instead of picking random IP's.

Are the clients on the 192.0.0.0/24 subnet receiving 192.0.0.1 as a default gateway? If so, this should work.

Also, best practice is to use RFC1918 addresses for internal use instead of picking random IP's.

Yes clients on 192.0.0.0/24 are using 192.0.0.1 as default gateway so on and so forth.

My original intention was to use 192.168.1.0, 192.168.2.0 and 192.168.3.0 however I am taking this network over and the last admin had all the computers set to static, same with network printers etc. so I thought that to avoid having to change all the computers network printers etc i would leave the ip address scheme the same... bad idea perhaps?

Yeah, that network is reserved: http://whois.arin.net/rest/net/NET-192-0-0-0-2/pft

Did you turn off the switching feature that the RB750GL has enabled by default? With switching turned on ports 2-5 are going to be switched to the broadcast domain on port 2, they aren't routed ports. To make all ports routed ports use this:

Thanks few I but I have turned off the switch already.

So will using 192.0.0.x not work?

It will, it's just bad practice.

Post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

It will, it's just bad practice.

Post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.0.0.1/24 network=192.0.0.0 interface=2Town_Office
actual-interface=2Town_Office

1 address=192.0.1.1/24 network=192.0.1.0 interface=3Police_Dept
actual-interface=3Police_Dept

2 address=192.0.2.1/24 network=192.0.2.0 interface=4Town_Garage
actual-interface=4Town_Garage

3 address=208.125.196.xxx/30 network=208.125.196.xxx interface=1Wan
actual-interface=1Wan

/ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 A S dst-address=0.0.0.0/0 gateway=208.125.196.121
gateway-status=208.125.196.121 reachable 1Wan distance=1 scope=30
target-scope=10

1 ADC dst-address=192.0.0.0/24 pref-src=192.0.0.1 gateway=2Town_Office
gateway-status=2Town_Office reachable distance=0 scope=10

2 ADC dst-address=192.0.0.126/32 pref-src=192.0.0.125 gateway=<pptp-tony>
gateway-status=<pptp-tony> reachable distance=0 scope=10

3 ADC dst-address=192.0.1.0/24 pref-src=192.0.1.1 gateway=3Police_Dept
gateway-status=3Police_Dept reachable distance=0 scope=10

4 ADC dst-address=192.0.2.0/24 pref-src=192.0.2.1 gateway=4Town_Garage
gateway-status=4Town_Garage unreachable distance=0 scope=200

5 ADC dst-address=208.125.196.xxx/30 pref-src=208.125.196.xxx gateway=1Wan
gateway-status=1Wan reachable distance=0 scope=10


/interface print detail
Flags: D - dynamic, X - disabled, R - running, S - slave
0 R name="1Wan" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074

1 R name="2Town_Office" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074

2 R name="3Police_Dept" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074

3 name="4Town_Garage" type="ether" mtu=1500 l2mtu=1598 max-l2mtu=4074

4 R name="ether5-slave-local" type="ether" mtu=1500 l2mtu=1598
max-l2mtu=4074

/ip firewall export
# nov/07/2011 21:25:19 by RouterOS 5.7
# software id = 583W-VL03
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input disabled=no dst-port=23 in-interface=\
4Town_Garage protocol=tcp
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
add action=accept chain=input disabled=yes in-interface=1Wan protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=1Wan
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=1Wan
add action=dst-nat chain=dstnat disabled=no dst-port=8080 in-interface=1Wan \
limit=1,5 protocol=tcp to-addresses=192.0.1.150 to-ports=8080
add action=dst-nat chain=dstnat disabled=no dst-port=8081 in-interface=1Wan \
protocol=tcp to-addresses=192.0.1.150 to-ports=8081

/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no

Well, right now 192.0.0.0/24 can't talk to 192.0.2.0/24 because 192.0.2.0/24 is on a port that isn't running, so that network is unreachable. What's up with that?

192.0.x.x is not private network IP. better change them.
btw,
if u do have and wish to go on, let's ignore the others, since what you're just asking a NAT from 192.0.0.16 into 192.0.2.5
all u need to add is

I needed to have it working over night it so I unplugged the .2 network and plugged it into the 5th port until I figured it out