Bridge and routing

Hi all!

I am running an RB750 in bridge mode as a transparent firewall. That basically means that the clients behind the firewall do not even know it is there, since they are using the default gateway on the net and get allocated IP addresses via the normal DHCP server etc.

What I now need to do is to add an OpenVPN client to the firewall and have the traffic to that net diverted there. This will obviously not work since the MikroTik is not the default gateway, so the traffic just gets happily forwarded through the bridge to the “real” default gateway.

Is there a way to “intercept” that traffic and route just, say, traffic to 3.3.3.3 through the OpenVPN interface?

Everything works of course if I change the default gateway to the IP of the MikroTik or add a route on the clients for 3.3.3.3, but I would rather magically intercept and route it on the RB750.

Regards
M

Hi

Have you found a solution to that? I am trying to do something similar.

Regards

Matthias

This sort of thing can easily snowball into a very complicated, hard-to-manage-and-troubleshoot thing…

I would say that if you make a bridge NAT rule:
/interface bridge nat add action=redirect chain=dstnat dst-address=3.3.3.3/32 in-bridge=bridge1 mac-protocol=ip

This will modify the destination MAC address of the frame to be the Mikrotik’s MAC address (as if the Mikrotik had been chosen as the default gateway) - at that point, the packet will be routed normally.
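The redirect rule from the reply above together with the routing it relies on, as an added example that is not part of the original posts. The interface name `ovpn-out1` and the need for source NAT are assumptions; `bridge1` and 3.3.3.3 come from the thread.

```routeros
# Bridge NAT: frames entering bridge1 that carry IPv4 destined to 3.3.3.3
# get their destination MAC rewritten to the bridge's own MAC, so the
# router's IP stack receives them instead of bridging them onward.
/interface bridge nat
add action=redirect chain=dstnat dst-address=3.3.3.3/32 in-bridge=bridge1 \
    mac-protocol=ip comment="pull 3.3.3.3 traffic up to layer 3"

# Once the packet is at layer 3 it needs a more specific route than the
# default. ovpn-out1 is an assumed name for the OpenVPN client interface.
/ip route
add dst-address=3.3.3.3/32 gateway=ovpn-out1 comment="3.3.3.3 via OpenVPN"

# Assumption: the far end of the tunnel has no route back to the client
# subnet, so client addresses are hidden behind the tunnel address.
# Leave this rule out if the VPN server already routes the client subnet.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ovpn-out1 \
    comment="source NAT into the tunnel"
```

Traffic to every other destination is untouched by the bridge NAT rule and keeps being bridged to the existing default gateway.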