[ask] bridging rule

larmaid · January 16, 2007, 5:03pm

any tutorial about bridging rule…???

larmaid · January 17, 2007, 10:07am

weks…anyone

sergejs · January 17, 2007, 11:46am

What kind of rules tutorial do you need ?
http://www.mikrotik.com/testdocs/ros/2.9/interface/bridge_content.php#4.14.7

larmaid · January 17, 2007, 12:31pm

wew finally…well i already read the bridge manual but that dont result anything…in bridge-filter does it same as firewall for bridging..??

sergejs · January 17, 2007, 12:40pm

Bridge firewall implements filtering for data from to or trough bridge.

larmaid · January 17, 2007, 1:06pm

is that mean the same as firewall in ip-firewall…??

sergejs · January 17, 2007, 1:08pm

Yes.

larmaid · January 17, 2007, 1:20pm

well i try a simple rule in bridge-filter but it didnt work…??
the rule is like this :

interface: in interface-lan1
out interface-lan2

IP : src.address-192.168.10.0/24
dst.address-10.10.15.0/24

Action : drop

lan1 & lan2 is in the same bridge

larmaid · January 17, 2007, 4:34pm

can anyone help…pliss

sergejs · January 18, 2007, 6:41am

Could you provide complete rule or export from ‘interface bridge fiter’ ?

larmaid · January 22, 2007, 4:02am

interface-bridge-filter>add chain=forward in-interface=lan1 out-interface=lan2 src.address=192.168.10.0/24 dst.address=10.10.15.0/24 action=drop

note :
i got 4 ether and i bridge all

when i apply the rule the 192.168.10.0/24 still can connect to 10.10.15.0/24…???
is something wrong with my rule…if so please help…thx

larmaid · January 23, 2007, 4:20am

hello…need help pliss

sten · January 23, 2007, 6:30pm

to filter traffic going through your bridge (going from one interface to another) you need to add rules to “forward” chain.
The input/output chains are reserved for traffic going TO or FROM your bridge, as in winbox and routed traffic.

larmaid · January 29, 2007, 4:24pm

@sten can i delete the bridge (that connected all the ether) and set all the 4 ether with specified ip…with the same subnet..and i want all the 4 ether are connected?? i’ve try this one but all the 4 ether cannt connected!!!

sten · January 29, 2007, 10:58pm

what’s your configuration?
and what do you want to achieve?

sky_16 · January 30, 2007, 3:43am

larmaid · January 30, 2007, 4:57pm

okay heres my configuration that i want to achive:

ether 1 - with ip = 10.10.1.1/255.255.0.0 (local) (reply only)
ether 2 - with ip = 10.10.2.1/255.255.0.0 (local)
ether 3 - with ip = 10.10.3.1/255.255.0.0 (local)
ether 4 - with ip = 202.165.x.x (global)

what i want to is all ether can connect each other without to creat a bridge…!!!

thx

tneumann · January 30, 2007, 5:33pm

Address overlap… they’re all 10.10/16

Well, if you do not create a bridge, then you’d have to route… but you can’t because your network address ranges overlap. Sounds like you’re stuck and need to rethink your network design.

–Tom

larmaid · January 30, 2007, 11:43pm

so that means i need to bridge, right??

sten · January 31, 2007, 6:28pm

no

you have a fundamental flaw in your design

you need to apply correct subnet masks.

hint: correct subnet masks for the subnetting you chose is 255.255.255.0 but you need to find out how this affects your routing tables.