How to configure firewall in bridge mode

We are configuring a firewall on MikroTik.

We need to configure the router in bridge mode and create firewall rules.

  1. Certain users or IPs in the network will be allowed to access all websites (full access).
  2. Other users will be blocked from certain websites (e.g. http://www.xyz.com), but all other websites will be accessible.

We tried to configure 2), but it is blocking all users from accessing the website.

Please assist.

Why did you post this again?

Dear vikasjnp,
You posted this before: http://forum.mikrotik.com/t/bridge-mode-firewall/50916/1
I don't know enough about bridge firewall. So if I were you, I would configure the MikroTik as a router instead of a bridge, because it's so easy to set up the firewall rules that you want. If you are able to unbridge the interfaces, I can help you.

Go ahead with MK!!! :)

Hi,
sorry guys,

I posted twice by mistake.

sadeghrafie,

thanks for the reply.

That is fine. Can you please assist me in configuring the firewall in router mode?

I will change the interfaces to router mode.

Please assist.

To configure the RB in router mode, I need to know about your network.
Can you draw a network diagram or explain what devices you have, such as switches, an ADSL modem or anything that connects you to the Internet?
If you use an ADSL modem, does it use a PPPoE service to connect to your ISP?
How many clients (PCs) do you have in your network?
Do you want any authentication method for your clients to connect to the network?
Do you want to set any bandwidth or time limitation on your clients?
.
.
.
Everything you want, just explain!

Hi

sadeghrafie,

thanks for the reply.

Please find enclosed the network diagram and all other requirements.

We don't want to use any auth method for users.

Is it possible to create a VPN between both sites?

Please assist.

Regards,
Vikas
Sites.jpg

As you show in the diagram, you have the RB as a router.
For client access to the web in each office, you have to add a srcnat rule in /ip firewall nat whose action is masquerade (because they have private IPs).
For bandwidth limitation, you can add a queue for each IP address: http://wiki.mikrotik.com/wiki/Manual:Queue
To restrict a certain IP range, add a filter rule in /ip firewall filter: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter

Is it possible to create a VPN between both sites?

Yes, there are different ways, such as PPTP, L2TP and SSTP.
For example, in the head office enable the PPTP server and configure it. In the branch office create a PPTP client in Interfaces.
For the exact configuration, go to the MikroTik wiki.
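
An added example, not part of the original posts: one way to express the two requirements from the first post with the srcnat and filter rules described in the last answer, for the RB running as a router. The interface name `ether1`, the subnet 192.168.88.0/24 and the host addresses are constructed assumptions; rule order matters, because filter rules are evaluated top to bottom and a drop rule placed first with no source restriction applies to every client.

```routeros
# Added example, not from the thread. Assumed (constructed) values:
#   ether1           = WAN interface
#   192.168.88.0/24  = office LAN
#   192.168.88.10-11 = hosts that get full access

/ip firewall address-list
add list=full-access address=192.168.88.10 comment="constructed sample host"
add list=full-access address=192.168.88.11 comment="constructed sample host"

/ip firewall nat
# Clients use private addresses, so translate them on the way out.
add chain=srcnat src-address=192.168.88.0/24 out-interface=ether1 \
    action=masquerade comment="LAN to Internet"

/ip firewall filter
# 1. Full-access hosts are accepted first, so the drop rules below
#    never see their traffic.
add chain=forward src-address-list=full-access action=accept \
    comment="full access"

# 2. Everyone else on the LAN: drop plain-HTTP packets that carry the
#    blocked host name in their payload.
add chain=forward src-address=192.168.88.0/24 protocol=tcp dst-port=80 \
    content="www.xyz.com" action=drop comment="block www.xyz.com over HTTP"

# 3. HTTPS encrypts the request, so match the TLS server name instead.
#    Assumption: the RouterOS version in use provides the tls-host matcher.
add chain=forward src-address=192.168.88.0/24 protocol=tcp dst-port=443 \
    tls-host="www.xyz.com" action=drop comment="block www.xyz.com over HTTPS"

# No catch-all drop follows, so every other website stays reachable.

# After testing from one host in each group, confirm the rule order and
# check which rules are counting packets.
/ip firewall filter print stats
```

If the counters on the drop rules rise for a host in the `full-access` list, the accept rule is below the drop rules or the host's address is missing from the list.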