Bridge Issue/Question

I’ve tried this on Router OS 5.11 and 4.x, both have the same result… so I’m assuming I must be doing something wrong – but looking for advice as I’m drawing a blank.

My current config is like so on an RB450GS:

Port 1 - [Internet Connection]
Port 2 - [DHCP+Nat 192.168.88.1/24]
Port 3 - [DHCP+Nat 10.200.90.1/24]
Port 4 - [Bridged]
Port 5 - [Bridged]

The final configuration I want is:
Port 1 - [Internet Connection/Bridged]
Port 2 - [DHCP+Nat 192.168.88.1/24]
Port 3 - [DHCP+Nat 10.200.90.1/24]
Port 4 - [Bridged]
Port 5 - [Bridged]

So that ports 1,4,5 all have public access to the Cisco router connected to Port 1 and Ports 2 and 3 handle the two private networks.

The issue is that when I stick Port 1 into the bridge, while I can still ping the router from port 2 or 3, I cannot get back out to the Internet – it’s like the NAT just dies. Is there something wrong with the way I’m trying to set this up?

48 hours and no response from either the forum or support? What a great way to encourage people to start using the Ubiquiti EdgeOS when it comes out.

A little more info would help.

/interface bridge print
/interface bridge port print
/ip firewall nat print

[admin@MikroTik] /interface> bridge print
Flags: X - disabled, R - running
0 R name="bridge" mtu=1500 l2mtu=1524 arp=enabled mac-address=00:0C:42:CA:FA:AB protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00
max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@MikroTik] /interface> /interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic

INTERFACE BRIDGE PRIORITY PATH-COST HORIZON

0 ether4-IPTube bridge 0x80 10 none
1 ether5-Office Power Monitor bridge 0x80 10 none
2 ether3-RADWin bridge 0x80 10 none


[admin@MikroTik] /interface> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway

You show ether3 in the bridge group, which conflicts with the desired configuration you posted. An oversight, I’m sure.

Onto the bridge… this gets fun. When you add an IP address to an interface, it belongs to that interface. However, if you then stick that interface into a bridge group, the IP address is transferred to the bridge and ends up breaking NAT.

Change the nat rule to use the bridge as the out-interface. You can move the IP or not.


Another option, assuming that you’re using a device with a switch chip (45x, 75x), is to move your LAN to ether1/ether2, and move your WAN to ether3, then slave ports 4 and 5 to ether3. In this case, your NAT and IP will be on ether3. Devices behind ports 4 & 5 will be switched, not bridged, which should have a positive impact on performance.
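The two options in the reply above, written out as RouterOS v5 CLI commands. This is an added example, not configuration posted by anyone in the thread; it reuses the interface names from the pasted `bridge port print` and `nat print` output and assumes the public address currently sits on ether1-gateway (the thread never shows `/ip address print`). Option B assumes the ports have been re-cabled and carry default names; adapt them to your own labels.

```routeros
# Added example, not from the thread. RouterOS v5 syntax; interface names taken
# from the pasted output, WAN address assumed to be on ether1-gateway.

# --- Option A: bridge ether1 with ports 4/5 and repoint NAT at the bridge ---
# Fix the port list first: ether3 should not be bridged, ether1 should.
/interface bridge port remove [find interface=ether3-RADWin]
/interface bridge port add bridge=bridge interface=ether1-gateway

# Once ether1 is a bridge port the router's WAN address effectively belongs to
# the bridge; move it explicitly so the config says what the router does.
/ip address set [find interface=ether1-gateway] interface=bridge

# The masquerade rule matched out-interface=ether1-gateway, which no longer
# carries routed traffic; that is the "NAT just dies" symptom. Point it at the bridge.
/ip firewall nat set [find chain=srcnat out-interface=ether1-gateway] out-interface=bridge

# Check: anything else keyed on the old WAN interface stops matching for the same
# reason, so list filter rules still referencing it and update them too.
/ip firewall filter print where in-interface=ether1-gateway
/ip firewall nat print

# --- Option B (switch chip, RB450G/RB750G): slave ports 4/5 to the WAN port ---
# LANs on ether1/ether2, Internet link on ether3; ports 4 and 5 become switch
# slaves of ether3, so no bridge is needed and the WAN IP and NAT stay on ether3.
# (Assumes default port names after re-cabling; rename to taste.)
/interface ethernet set ether4 master-port=ether3
/interface ethernet set ether5 master-port=ether3
/ip firewall nat set [find chain=srcnat] out-interface=ether3
```

In option A the only thing that actually changes the forwarding behaviour is the `out-interface=bridge` on the masquerade rule; moving the address is cosmetic but keeps the config readable. The `filter print where` line is the check worth running before calling it done: default-style input rules written for ether1-gateway are as affected by the interface change as the NAT rule was.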

The bridge is currently set up that way because we weren’t able to get it to work properly; sorry, I should have configured it the desired way and pasted that. Right now I’m doing 1:1 NAT to get the desired outcome (public IPs for devices on those ports) but it’s not great.

Ahhh… I tried changing routes and whatnot. Probably the NAT rule is what was getting me.