Hey there,
Im new to RouterOs

I have RB750UP(I will call that MIK1), and connected to internet from ether1(wan), and ether2,ether3,ether4 are bridged and can access to internet.

on interface ether5, there is another mikrotik(I will call that MIK2) that receives packets, most forwards to MIK1 clients,

MIK1 is a client on MIK2 with 192.168.2.150 IP,

for example, there is a dst-nat rule on MIK2 that receives on port 5000 and forwards to 192.168.2.150:5000(port 5000 on MIC1 ether5)and they will arrive to ether5 on MIK1,

and this packets most forward to bridge interface(ether2,ether3,ether4) on MIK1 and set another rule to get this packets to a client on bridge interface,

anyone could help me?how can i forward packets from ether5 interface to bridge interface on MIK1?
tnx

Your explanation seems backwards and not understandable.
Please provide a diagram of your network and also the configs of both devices.
/export hide-sensitive file=anynameyouwish

Thanks for reply
Sorry, but i think this diagram can explain my problem.
i can receive Green line packets in ether5 on MIK 1, but i need to receive this packet in bridge interface(red line) i want to confirm packets between ether 5 and bridge interface, somehow dont share internet from ether5 to bridge interface ,
I hope product enough explanation,
Thank…

As requested post configs for both devices.
/export hide-sensitive file=anynameyouwish

MIK2:
[admin@MikroTik] > export

mar/10/2022 06:13:54 by RouterOS 6.48.3

software id = 9DLY-IT58

model = 951G-2HnD

serial number = ********

/interface wireless

managed by CAPsMAN

set [ find default-name=wlan1 ] antenna-gain=0 country=no_country_set
frequency-mode=manual-txpower ssid=MikroTik station-roaming=enabled
/interface pppoe-client
add disabled=no interface=ether1 name=internet_fiber password=******* user=\

/interface list
add name=list1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.2.2-192.168.2.180
add name=dhcp_pool1 ranges=
192.168.110.1-192.168.110.21,192.168.110.23-192.168.110.254
add name=dhcp_pool2 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool3 ranges=192.168.200.1,192.168.200.3-192.168.200.254
add name=dhcp_pool4 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 lease-time=1d10m name=
dhcp1
add address-pool=dhcp_pool4 disabled=no interface=ether4 name=dhcp2
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,passw
ord,web,sniff,sensitive,api,romon,dude,tikapp"
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set internet-interface-list=list1
/interface list member
add interface=ether1 list=list1
/interface wireless cap

set discovery-interfaces=internet_fiber enabled=yes interfaces=wlan1
/ip address
add address=192.168.11.2/24 interface=ether1 network=192.168.11.0
add address=192.168.0.1/24 interface=ether4 network=192.168.0.0
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=192.168.166.2/24 interface=ether2 network=192.168.166.0
/ip arp
add address=192.168.2.130 interface=ether2 mac-address=8C:DE:F9:A8:C2:76
/ip dhcp-client
add comment=defconf disabled=no
/ip dhcp-server lease
add address=192.168.2.130 client-id=1:8c:de:f9:a8:c2:77 mac-address=
8C:DE:F9:A8:C2:77 server=dhcp1
add address=192.168.2.75 mac-address=5C:93:A2:9F:CF:F7 server=dhcp1
add address=192.168.2.76 mac-address=28:D2:44:FA:C4:6A server=dhcp1
add address=192.168.2.181 mac-address=C8:E7:D8:88:56:4A server=dhcp1
add address=192.168.2.182 mac-address=38:6B:1C:30:95:B6 server=dhcp1
add address=192.168.2.183 mac-address=C8:E7:D8:88:60:82 server=dhcp1
add address=192.168.2.184 mac-address=00:80:91:74:19:36 server=dhcp1
add address=192.168.2.77 mac-address=D0:37:45:48:C7:18 server=dhcp1
add address=192.168.2.150 mac-address=D4:CA:6D:B4:07:2A server=dhcp1
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.110.0/24 gateway=192.168.110.22
add address=192.168.200.0/24 gateway=192.168.200.2
/ip dns
set servers=8.8.8.8,9.9.9.9
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes dst-address=
!... dst-port=80 new-routing-mark=mak passthrough=yes protocol=
tcp src-address=192.168.0.0/16
add action=mark-routing chain=prerouting disabled=yes dst-address=...
dst-port=443 new-routing-mark=mak passthrough=yes protocol=tcp src-address=
192.168.0.0/16
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=masquerade chain=srcnat src-address=192.168.2.0/24
add action=dst-nat chain=dstnat dst-address=... dst-port=4000
protocol=tcp to-addresses=192.168.2.212 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=4002
protocol=tcp to-addresses=192.168.1.111 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=4001
protocol=tcp to-addresses=192.168.1.10 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=4003
protocol=tcp src-port="" to-addresses=192.168.1.192 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=22020
protocol=tcp to-addresses=192.168.2.75 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=22021
protocol=tcp to-addresses=192.168.2.76 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=22022
protocol=tcp to-addresses=192.168.2.77 to-ports=3389
add action=dst-nat chain=dstnat dst-address=... dst-port=22023
protocol=tcp to-addresses=192.168.2.150 to-ports=22023
/ip route
add distance=1 gateway=internet_fiber pref-src=192.168.11.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=********



MIK1:

mar/09/2022 17:27:37 by RouterOS 6.42.5

software id = 73J4-4DWA

model = 750UP

serial number = *******

/interface bridge
add admin-mac=D4:CA:6D:B4:07:27 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.2.20-192.168.2.180
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge lease-time=1d10m
name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=192.168.2.0
add address=192.168.2.150 interface=ether5 network=192.168.2.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
add dhcp-options=hostname,clientid disabled=no interface=ether5
/ip dhcp-server lease
add address=192.168.2.180 client-id=1:28:d2:44:fa:c4:6a mac-address=
28:D2:44:FA:C4:6A server=defconf
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=
"defconf: accept established,related,untracked" connection-state=
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN"
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy"
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy"
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack"
connection-state=established,related
add action=accept chain=forward comment=
"defconf: accept established,related, untracked" connection-state=
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=
invalid
add action=drop chain=forward comment=
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=
out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=22023 protocol=tcp src-port=""
to-addresses=192.168.2.1
add action=accept chain=dstnat dst-port=22023 protocol=tcp src-port=""
/system clock
set time-zone-name=*******
/system identity
set name=Hor
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

There is a nat rule on MIK2, forwards packets with dst port 22023 to 192.168.2.150(MIK1 ether5 ip as a client),
I want to sent this packets from ether5 to bridge interface in MIK1.

You have same 192.168.2.0/24 subnet on both routers, that won’t work well. It may be possible to come up with some clumsy config that would work, but it’s most likely not a good idea. The right way would be to renumber MIK1’s LAN to something unique, and then it would be possible to forward packets from MIK2 to there.

Tnx 4 reply

I dont think using same network conflict, so I changed MIK1 network to 192.168.3.0/24, I can forward packets to MIK1 ether5, but i want forward them from ether5 to ether2 on MIK1,

in short, i want forward packets from an interface to another interface, not a client already on interface,

I don’t think I understand what you mean by the last thing. There must be some destination as specific device, you can’t just send packets “to interface” (at least not with ethernet).

Interfaces dont have requirements they just exist.
Users have requirements so explain what USER X should be able to do…