Hi there,
I've been using RouterOS for a while now pretty much by trial and error. After experiencing a lot of issues we've decided to start from scratch hoping that the issues we've been having with connectivity have been due to poor configuration. During this process I have come across something that frustrates me.
The network topology is as follows:
We have 2 RouterBoard 2011 running the network and connecting and routing several wireless clients connecting through sector antennas.
Router 1 (HQ) has a local interface (192.168.1.0/24) and can reach and be reached by clients connecting to the wireless sector that is in bridge mode on the 192.168.1.0/24 subnet as well as clients connected through a switch to the port.
Router 2 (OUTPOST) has a local interface (192.168.4.0/24) and can reach and be reached by clients connecting to the wireless sector that is in bridge mode on the 192.168.4.0/24 subnet as well as local clients connected through a switch to the port.
HQ and OUTPOST are connected via a wireless link, also in bridge mode, on the 192.168.249.0/24 range and can reach each other via the dynamic route created, with HQ being 192.168.249.1 and OUTPOST being 192.168.249.4.
I have static routes on both routers for the distant subnets, so on HQ I have a route to 192.168.4.0 through the OUTPOST's IP address 192.168.249.4 and vice versa.
The RouterBoards can also access clients in all subnets, so HQ can reach clients connected to OUTPOST in the 192.168.4.0 subnet. However, no clients connected to HQ can reach any client in the 192.168.4.0 subnet without adding masquerades to both the local interface (which has 192.168.1/4.0) and the backbone link (which has 192.168.249.0).
Am I incorrect in assuming that all I should need for clients to reach each other through RouterBoards is static routes? Why do I need to enable the NAT masquerade? This has the side effect of not seeing client IP addresses when they connect to services on the far side of a distant RouterBoard; all we get is the NATted address from the originating RouterBoard.
I'm hoping that there's something simple I'm missing that may lead to fixing other issues we have on our network. Thanks for taking the time to read.
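As an added illustration (not part of the original post), the check below models the two routing tables described above with a longest-prefix-match lookup and traces both directions of a client-to-client flow. It assumes each client uses its local RouterBoard as default gateway, that the RouterBoards hold the .1 address on their local subnets, and that no firewall filter is in the way; the client addresses are constructed. Removing the return route on OUTPOST shows why a masquerade on the backbone appears to fix reachability while hiding the real client address.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the two RouterBoards' routing tables as described in the post.
# Entries are (prefix, next hop) with None meaning directly connected. The backbone
# addresses are from the post; the .1 addresses on the local subnets are assumed.
ROUTES = {
    "HQ": [("192.168.1.0/24", None), ("192.168.249.0/24", None),
           ("192.168.4.0/24", "192.168.249.4")],
    "OUTPOST": [("192.168.4.0/24", None), ("192.168.249.0/24", None),
                ("192.168.1.0/24", "192.168.249.1")],
}
ROUTER_BY_ADDR = {"192.168.249.1": "HQ", "192.168.249.4": "OUTPOST",
                  "192.168.1.1": "HQ", "192.168.4.1": "OUTPOST"}

def lookup(routes, router, dst):
    """Longest-prefix match on one router's table; returns (network, next_hop) or None."""
    best = None
    for prefix, nh in routes[router]:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def trace(routes, first_hop, dst):
    """Forward a packet router by router; returns the routers traversed, or None if dropped."""
    path, router = [], first_hop
    while router not in path:              # also stops on a routing loop
        path.append(router)
        match = lookup(routes, router, dst)
        if match is None:
            return None                    # no route: the packet is dropped here
        if match[1] is None:
            return path                    # directly connected: delivered
        router = ROUTER_BY_ADDR[match[1]]
    return None

def round_trip(routes, src, dst, src_gw, dst_gw):
    """Trace both directions: a session needs the reply to route back to src as well."""
    return trace(routes, src_gw, dst), trace(routes, dst_gw, src)

def with_masquerade(routes, dst, src_gw, dst_gw, nat_addr):
    """Same check when src_gw masquerades: the far side only ever sees and replies to nat_addr."""
    return trace(routes, src_gw, dst), trace(routes, dst_gw, nat_addr), nat_addr

if __name__ == "__main__":
    print(round_trip(ROUTES, "192.168.1.50", "192.168.4.50", "HQ", "OUTPOST"))
    broken = {"HQ": ROUTES["HQ"], "OUTPOST": ROUTES["OUTPOST"][:2]}  # no return route
    print(round_trip(broken, "192.168.1.50", "192.168.4.50", "HQ", "OUTPOST"))
    print(with_masquerade(broken, "192.168.4.50", "HQ", "OUTPOST", "192.168.249.1"))
```

With both static routes present the trace succeeds in both directions without NAT; a masquerade only becomes necessary when the reply has no route back, which is the condition worth confirming on each router and on the clients' gateways before adding NAT.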