Hi all, I’m having some issues with my setup. I have ether1 with a public address going to the internet. I also have ether2, ether4 and wlan1 bridged with a private address. I’m trying to give ether2 access to everything, restrict ether4 to local access only with no internet, and give wlan1 access to the internet but not to the local ethernet (ether2). I have set up the following bridge filters:
 0 ;;; drop protected from internet
   chain=forward out-interface=ether1 (wan) action=drop
   in-interface=ether4 (protected)
 1 ;;; drop wifi from local
   chain=forward out-interface=ether2 (private) action=drop
   in-interface=wlan1
The “drop wifi from local” filter works great, but the “drop protected from internet” filter does not work: anyone attached to ether4 can get anywhere, just like ether2. What am I doing wrong?
You are going about this completely wrong. For what you are trying to do, you should have each interface on a different subnet and not use a bridge at all. Then you can control what gets where in /ip firewall.
Users from all three networks (ether2, ether4 and wlan1) need to access the app, and it all has to be on the same subnet. The way I have it works great, except for the issue with the one filter not working, as I mentioned.
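Editor's note on why the first post's rule 0 never matches, with an added example that is not from either poster. A bridge filter in chain=forward only sees frames that are switched between two bridge ports. The first post says ether1 is not in the bridge, so a frame from ether4 bound for the internet is never bridged to ether1: it is addressed to the bridge's own MAC (the gateway), hits the bridge input chain, and is then routed out ether1 by the IP layer, which is why "out-interface=ether1" in a bridge forward rule can never match. The wlan1 to ether2 rule works because that traffic really is bridged between two ports. The routed traffic does pass through /ip firewall, so the ether4 restriction can be enforced there while keeping the single bridge and subnet the third post asks for. This assumes the bridge interface is named "bridge" and that the RouterOS version in use supports the in-bridge-port matcher in /ip firewall filter; the comment strings are placeholders:

```routeros
# Added example (not the thread's own config). Assumes the bridge is named
# "bridge", ether1 is the only non-bridged (WAN) interface, and in-bridge-port
# is available in /ip firewall filter on this RouterOS version.

# Traffic from ether4 to the internet is routed, not bridged, so the drop
# belongs in the IP firewall forward chain, matched on the real ingress port.
/ip firewall filter
add chain=forward in-interface=bridge in-bridge-port=ether4 out-interface=ether1 \
    action=drop comment="drop protected (ether4) from internet"

# wlan1 -> ether2 is genuinely bridged between two ports, so this one stays
# a bridge filter, the same as rule 1 in the first post.
/interface bridge filter
add chain=forward in-interface=wlan1 out-interface=ether2 action=drop \
    comment="drop wifi from local"
```

The /ip firewall rule must sit above any forward rule that accepts traffic (for example a blanket accept for the LAN), since the first matching rule wins. To check it, have a host on ether4 try to reach an internet address and watch the packet counter of the rule rise in the output of /ip firewall filter print stats; local traffic from ether4 to ether2 is still bridged and is not affected by it.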