I have 2 SXT to join 2 LAN in "brigde" and "station brigde" configuration. I have bridged wlan1 and ether1 interfaces and have just one IP in each devices. In one of the AP I have Fasttrack activated (I don't remenber how I did it).
In IP -> Firewall section I have this different configuration:
side1:
Code: Select all
/ip firewall filter export
# jan/22/2017 21:10:39 by RouterOS 6.38.1
# software id = XXXX-XXXX
#
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge1)
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=wlan1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge1)
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface=wlan1
Code: Select all
/ip firewall filter export
# jan/22/2017 21:05:57 by RouterOS 6.38.1
# software id = XXXX-XXXX
#
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established
add action=accept chain=input comment="default configuration" connection-state=related
# in/out-interface matcher not possible when interface (wlan1) is slave - use master instead (bridge1)
add action=drop chain=input comment="default configuration" in-interface=wlan1
I will really appreciate your help.
Kind regards.
