 
Doogs
just joined
Topic Author
Posts: 8
Joined: Thu Jul 05, 2012 6:42 pm

RB1200 Firewall Question - I'm Stumped!

Thu Jul 05, 2012 6:59 pm

I'm new to MT so it goes without question that I've Googled everything including this forum. However, if I somehow missed that someone already posted this - I apologize.

I have an RB1200 running RouterOS 5.11 and I need it to do some packet filtering for some video conferencing equipment in a hosted datacenter. I don't have keyboard/mouse access to the devices so re-IP'ing / NAT is out. Furthermore, NAT'ing H323 can sometimes break and although I see that the MT has H323 fixup protocol handlers - I don't know if they break like they do in the Cisco world?

Creating a layer two bridge (transparent firewall), assigning the layer 3 address space to the bridge, assigning the interfaces to said bridge and letting ARP handle the rest would work. However, it opens the network to layer 2 attacks... skiddies with Cain and Abel, etc. (long shot that the skiddie would be on the same /28 I'm working with, but I digress)

How would you guys handle this? If it can be done, let me know with examples. If it's been posted already, I apologize - point me towards a link and close the thread. :) Brain is fried from the learning curve.
 
Doogs
just joined
Topic Author
Posts: 8
Joined: Thu Jul 05, 2012 6:42 pm

Re: RB1200 Firewall Question - I'm Stumped!

Mon Jul 09, 2012 7:45 pm

Figured it out. Create a layer 2 bridge, assign it a layer 3 address and ensure:

1) use ip-firewall option is checked on the bridge interface.
2) All your interfaces are assigned to the bridge.
2a) Ensure you read the packet flow documentation.
3) Configure firewall filter rules according to the documentation on the wiki page.
4) Relax knowing that it all finally works. :D

Hopefully this will be helpful to someone else someday.
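
The steps in the post above, written out as a RouterOS configuration. This is an added example, not the poster's own configuration: the interface names (ether1 as uplink, ether2 toward the codecs), the bridge name and the 192.0.2.0/28 documentation range are assumptions, and the rule set only covers H.323 call signalling on TCP 1720 with the remaining channels admitted through the connection-tracking helper.

```routeros
# Constructed example for RouterOS 5.x. Names and addresses are placeholders.

# Steps 1-2: build the bridge and put both ports in it.
/interface bridge
add name=bridge-vc comment="transparent firewall for video conferencing"
/interface bridge port
add bridge=bridge-vc interface=ether1 comment="uplink (assumed)"
add bridge=bridge-vc interface=ether2 comment="codecs (assumed)"

# Hand bridged IP traffic to /ip firewall so the filter rules below apply.
/interface bridge settings
set use-ip-firewall=yes

# Management address for the router itself, taken from the same /28.
/ip address
add address=192.0.2.2/28 interface=bridge-vc

# The H.323 helper tracks the dynamically negotiated H.245 and media
# channels, so they match connection-state=related without NAT.
/ip firewall service-port
set h323 disabled=no

# Step 3: filter bridged traffic in the forward chain.
/ip firewall filter
add chain=forward connection-state=established action=accept \
    comment="replies to permitted flows"
add chain=forward connection-state=related action=accept \
    comment="H.245/RTP channels opened by the h323 helper"
add chain=forward connection-state=invalid action=drop
add chain=forward in-bridge-port=ether1 dst-address=192.0.2.0/28 \
    protocol=tcp dst-port=1720 action=accept \
    comment="inbound H.323 call signalling"
add chain=forward in-bridge-port=ether2 src-address=192.0.2.0/28 \
    action=accept comment="calls placed by the codecs"
add chain=forward action=drop comment="everything else crossing the bridge"

# Protect the router: only the codec-side segment may reach it.
/ip firewall filter
add chain=input connection-state=established action=accept
add chain=input in-bridge-port=ether2 src-address=192.0.2.0/28 action=accept
add chain=input action=drop
```

ARP is not IP traffic, so it still crosses the bridge unfiltered by these rules; filtering it would be done under `/interface bridge filter`, which is outside what this example covers.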
