Hi, hello, cześć.
I need your help.
The situation looks like this:
I have a provider - a separate line. I got 5 public addresses from him.
Say:
217.153.XXX.10 - network
217.153.XXX.11 - gate
217.153.XXX.12-217.153.XXX.16 - hosts
217.153.XXX.17 - broadcast
I have a MikroTik 750 device.
I want to be able to use public ip addresses and secure transmissions through the firewall.
I started to do:
217.153.XXX.12 port first input wan
217.153.XXX.13 port 5 pinned computer that will make the service available.
To make use of public ip without Nat I made a bridge between wan and port 5.
All nice ping
So I set the address 217.153.XXX.13 on the computer with the gate 217.153.XXX.12 to move through the MikroTik.
In the bridges, I have marked the ip firewall rule.
I set the rule on the firewall with the bridge interface to discard all traffic and I would like only a few lucky people after the IP address filtered to get to the computer.
But the rules are not working properly.
Hi,
“Use IP firewall” in bridge is extremely CPU intensive and its use is almost always advised against. Although it might be more confusing for someone else looking at it, you can use proxy ARP to put the same subnet on two different interfaces, then the traffic can actually be routed. That will give better performance than “use ip firewall” in bridge.
Hi
Arp proxy?
Can you give me an example configuration on my example?
Suppose your public IP scheme is 192.0.2.64/29.
This CIDR block allows 192.0.2.65 - 192.0.2.70 as usable host addresses, and usually the lowest is the default GW (by convention).
So let’s say your ISP’s router is 192.0.2.65 - this is your default GW in the Mikrotik, and you’ve assigned 192.0.2.66/29 to the ether1 interface. Now you want to assign 192.0.2.67 to another host, but have it “behind” the Mikrotik.
To do this with Proxy arp:
/interface ethernet set ether1 arp=proxy-arp
Then choose an interface for your other public IP hosts - say ether2…
set ether2 arp=proxy-arp as well.
Then add these extra hosts to your ether2 interface by adding /32 addresses to ether2.
Use the Mikrotik’s WAN IP again, but manually set the network=ip.of.extra.host
So to connect host 192.0.2.67 to ether2, do this:
/ip address add address=192.0.2.66/32 network=192.0.2.67 interface=ether2
(repeat this for each additional host, leaving the IP address the same, but changing the network address)
Configure the host to use 192.0.2.65 as the default GW (you could set it to be .66 as well, but if you ever want to disconnect the Mikrotik from the middle, you won’t need to change the host’s config if it’s already set to use .65).
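The proxy-ARP steps above combined with forward-chain rules that admit only selected source addresses to the host, as an added example that is not part of any post in this thread. It uses the 192.0.2.64/29 addresses from the reply; the permitted client addresses, the address-list name and the log prefix are constructed placeholders.

```routeros
# Added example, not code from the thread.
# 198.51.100.10 and 203.0.113.0/24 are constructed placeholders for the
# permitted clients; "server-allowed" is a hypothetical list name.

# Proxy ARP on both sides, so the router answers ARP on behalf of
# hosts that live on the other interface
/interface ethernet set ether1 arp=proxy-arp
/interface ethernet set ether2 arp=proxy-arp

# WAN address and default route (skip if already configured)
/ip address add address=192.0.2.66/29 interface=ether1
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.65

# Host route to the server behind ether2 (the /32 with network= from the reply)
/ip address add address=192.0.2.66/32 network=192.0.2.67 interface=ether2

# Sources allowed to reach the server
/ip firewall address-list
add list=server-allowed address=198.51.100.10
add list=server-allowed address=203.0.113.0/24

# Traffic to the server is now routed, so the forward chain sees it
# without "use IP firewall" on a bridge
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="replies to existing connections"
add chain=forward connection-state=invalid action=drop
add chain=forward out-interface=ether2 dst-address=192.0.2.67 \
    src-address-list=server-allowed action=accept \
    comment="permitted clients to server"
add chain=forward in-interface=ether2 src-address=192.0.2.67 action=accept \
    comment="server outbound"
add chain=forward in-interface=ether2 action=drop \
    comment="unexpected source address from ether2"
add chain=forward out-interface=ether2 action=drop log=yes \
    log-prefix="srv-drop" comment="everything else to ether2"
```

The counters from `/ip firewall filter print stats` show which rule a test connection matched.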
So I set the address 217.153.XXX.13 on the computer with the gate 217.153.XXX.12 to move through the MikroTik.
What subnet have you set for the computer? Can you do a tracert from the computer to see if you are being routed from 217.153.XXX.12?