Hi!
I have an RB760iGS, and I have a basic question.
I configured a bridge and inserted ports 3, 4 and 5 in the bridge.
But I want to limit the traffic at port 4 only. I tried these configurations:


But it doesn’t work. Any ideas? Thanks a lot!
On bridge settings, enable firewall and all traffic goes to the CPU; all is slower and you can use queues.
What is connected on ether 4?
I’m curious, like a cat,
about why you asked, that…
I just want to understand what type of traffic the OP wants to limit…
Curious cat, let me ask you another question. Enabling use-ip-firewall in bridge settings is definitely the only way to force L2 forwarding through queues, but as you recommend it this lightheartedly, how do you deal with the havoc it causes on NAT?
Good question, for sure,
but I want you reassure,
if I don’t know all the configurations,
how can I make other assumptions ???
Never tried to rhyme in English,
so it’s going to be childish:
keep preparing for the worst,
so in laughter you could burst
once it turns out could be worse
than you expected at first!
In plain words, I try hard not to propose solutions without mentioning possible negative effects, and the one of enabling use-ip-firewall for the bridges is a huge one, and also unexpected.
how do you deal with the havoc it causes on NAT?
@sindy, what do you mean?
Try and see… if I remember correctly, the packets were handled by NAT rules already during the bridging phase, so their addresses changed before reaching the routing, or something alike. I would have to google for the details, it was discussed here more than a year ago.
Maybe you mean that the packets will pass through the prerouting, forward and postrouting chains while still in the bridge?
https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS#PacketFlowinRouterOS-BridgeForward
In certain network configurations, you might need to enable additional processing on routing chains for bridged traffic, for example, to use simple queues or an IP firewall. This can be done when the use-ip-firewall is enabled under the bridge settings. Note that additional processing will consume more CPU resources to handle these packets.
Of course I do, but that’s the obvious part. The non-obvious part is the consequences this has when the packets are bridged from a host to the CPU, because in such a case they pass through the prerouting (including dst-nat), forward, and postrouting (including src-nat) chains twice (or even three times if the packets are routed from one bridge to another).
@rextended the diagram is the same
@sindy, right…
I mean the number sequence indeed is different… so at one point you are right…
But I was looking at the actual diagram, ignoring the numbering…
Oops…
I misunderstood…
Haha
Our company controls hydroelectric plants remotely, and the internet links have very limited bandwidth. A router is connected to this port and the employees there consume almost all the bandwidth (1mbps :/), and thus the traffic with important automation devices (which are also on the bridge) is harmed.
The ether4 port is only used for employees to access the internet and to access automation devices in the LAN.
Can I put this port in another bridge? Would it be easier to limit traffic this way?
Shaping traffic will be equally easy or complex, but you’ll avoid the side effects if you move the port to a separate subnet/vlan/bridge.
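One way to apply the separate-subnet suggestion from the last reply, as an added RouterOS example that is not from any poster in this thread. The 192.168.44.0/24 subnet, the queue name and the 256k limits are assumptions, and the employees' router needs an address in the new subnet afterwards.

```routeros
# Added example: subnet, names and rate limits are assumed values.

# Take ether4 out of the shared bridge so its traffic is routed instead of
# bridged. Do not run this from a session that reaches the router via ether4.
/interface bridge port remove [find where interface=ether4]

# Give the employee segment its own subnet directly on the port.
/ip address add address=192.168.44.1/24 interface=ether4 comment="employees"

# Routed traffic passes through the queues on its own, so bridged traffic can
# stay off the IP firewall and the double pass through the NAT chains
# discussed above does not occur.
/interface bridge settings set use-ip-firewall=no

# Cap everything entering or leaving ether4 (upload/download). This also
# limits employee traffic towards the automation devices on the bridge.
/queue simple add name=employees target=ether4 max-limit=256k/256k

# Simple queues do not see fasttracked connections. If the filter table has
# a fasttrack-connection rule, list it and check that it no longer matches
# the employee subnet's connections.
/ip firewall filter print where action=fasttrack-connection
```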