Hello
I am bridging two Ethernet interfaces which have a number of vlans running over them. I want to be able to set up a destination nat for addresses in an address-list.
At first I did not know about the setting “use-ip-firewall-for-vlan” in /interface bridge settings, so the only way I could get the firewall to see and manipulate packets was to add a bridge for each vlan, add a vlan interface to each physical interface, and then add the corresponding vlans as ports of their bridge. This worked perfectly, except that when the router reboots most ports on the bridge go inactive.
I was about to write a script to run on startup to delete everything and then add it all again when I stumbled upon the use-ip-firewall-for-vlan setting I mentioned earlier. When I have this enabled and only have one bridge (for just the ethernet interfaces), the dstnat chain sees packets going by, but my destination nat does not work correctly. I just lose my connection to everything.
If this does not make sense I can upload my config or Supout.rif for the different situations.
How should I be doing this?
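The single-bridge layout described in the post, written out as a RouterOS configuration. This is an added example and not the poster's config: interface names, the address-list entries and the dst-nat target are assumptions, using documentation address ranges.

```routeros
# Added example (not from the original post): one bridge over both
# physical ports, with the IP firewall enabled for bridged and for
# VLAN-tagged bridged traffic, so that dstnat rules can act on it.
# ether1/ether2, the address-list contents and the NAT target are assumed.

/interface bridge
add name=bridge1

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2

# Both settings are needed: use-ip-firewall-for-vlan only takes effect
# when use-ip-firewall is also enabled.
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes

# Address list holding the destinations to redirect (assumed values).
/ip firewall address-list
add list=redirect-targets address=198.51.100.10
add list=redirect-targets address=198.51.100.0/28

# Only traffic to addresses in the list is rewritten; everything else
# crosses the bridge untouched. Narrowing by protocol and port keeps the
# rule from catching traffic it was never meant to handle.
/ip firewall nat
add chain=dstnat dst-address-list=redirect-targets protocol=tcp dst-port=80 \
    action=dst-nat to-addresses=192.0.2.10 to-ports=8080 \
    comment="assumed redirect for bridged VLAN traffic"
```

After applying this, `/ip firewall nat print stats` shows whether the rule's packet and byte counters increase for traffic that crosses the bridge; a rule that is seen in the dstnat chain but never matched usually points at the match conditions (list contents, protocol or port) rather than at the bridge settings.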