Successfully upgraded the RB450G to RouterOS 4.10. Some new features popped up; I haven’t played around with them yet.
I was trying to meter/filter some bridge traffic and after some searching I found “Use IP Firewall” needs to be switched on on the bridge to apply some mangle rules.
Doing so throws up an issue though.
LAN contains Windows7 and Vista machines with a HP networked AIO printer.
Port 2-5 in a bridge, standard setup.
All machines and the printer have DHCP reservations from RB450G.
After turning on “Use IP Firewall”, the printer is inaccessible and other machines come and go in the network browser.
Any idea what would be causing this?
I see there is now a “Switch” section in ROS 4.10. It wasn’t there in 3.30. Switch indicates all ports switched. From reading elsewhere, people have been saying the switch is better than the bridge in terms of performance. Is this still the case? Is it worthwhile ditching the bridge setup for a master-slave port switch setup?
Thanks in advance for any info and excuse the n00b status.
So what would be the point of it indicating all ports switched and at the same time showing bridge enabled?
In terms of switch, if my eth0 is for WAN and I slave all the other ports (eth2-eth4) to port eth1 and assign IP to eth1, could I not then perform mangle, etc., between eth1 and the rest of the setup? That is, switch replaces bridge in the current setup?
Still curious as to what needs doing to enable bridge IP firewalling and not losing communication or getting intermittent communication with other devices in the bridge.
In terms of switch, if my eth0 is for WAN and I slave all the other ports (eth2-eth4) to port eth1 and assign IP to eth1, could I not then perform mangle, etc., between eth1 and the rest of the setup? That is, switch replaces bridge in the current setup?
In this case of course you can use mangle and queues. Traffic between switched ports is not possible to mangle, because packets are not processed by CPU, but directly by switch chip.
Either way use only switch or only bridge.
Still curious as to what needs doing to enable bridge IP firewalling and not losing communication
Simply enabling use-ip-firewall will not cause communication loss. Recheck all firewall rules and make sure that one of the rules is not dropping packets.
I think I’ll reserve using the switch for when I need VLAN. I see VLAN is available there, but not on the bridge section.
Interestingly enough, after the upgrade from 3.30 to 4.10 I see that it created a switch instance called switch1 and assigned all ports to it. At the same time my bridge is still there with all ports assigned to it as well. I take it then that only once I assign a master-slave relation between ports will the switch be fully functional. If not, then it kind of goes against the idea of bridge or switch only.
I haven’t added any drop rules in the firewall, but I’ll check through them. There might be some default I overlooked.
Think I found it. Some initial setup I did for the pppoe connections from another example. src-nat masquerade but not on anything specific. Made one for each pppoe and all is good it seems.
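The fix reported in the last post, turned into a check: this is an added example, not code from the thread. It scans a RouterOS export for srcnat masquerade rules that have no matcher and reports whether the bridge's use-ip-firewall setting is also on. The export text is a constructed sample, and the interface names pppoe-out1 and pppoe-out2 and the choice of which matchers count as scoping are assumptions.

```python
import shlex

# Constructed sample export (not from the thread); interface names are assumed.
SAMPLE_EXPORT = """\
/interface bridge settings
set use-ip-firewall=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="copied from an example"
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=dst-nat chain=dstnat dst-port=8080 protocol=tcp to-addresses=192.168.88.10
"""

# Matchers treated here as scoping a srcnat rule to particular traffic.
SCOPING_KEYS = {"out-interface", "src-address", "dst-address",
                "src-address-list", "dst-address-list"}

def parse_export(text):
    """Yield (menu_path, command, {key: value}) for each export line."""
    menu = None
    # Exports wrap long lines with a trailing backslash; join them first.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = line
            continue
        words = shlex.split(line)  # keeps quoted comment="..." as one token
        props = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        yield menu, words[0], props

def audit(text):
    """Return (bridge_uses_ip_firewall, list of unscoped masquerade rules)."""
    bridge_fw, unscoped = False, []
    for menu, cmd, props in parse_export(text):
        if menu == "/interface bridge settings" and cmd == "set":
            bridge_fw = props.get("use-ip-firewall") == "yes"
        elif menu == "/ip firewall nat" and cmd == "add":
            if (props.get("chain") == "srcnat"
                    and props.get("action") == "masquerade"
                    and SCOPING_KEYS.isdisjoint(props)):
                unscoped.append(props)
    return bridge_fw, unscoped

if __name__ == "__main__":
    bridge_fw, unscoped = audit(SAMPLE_EXPORT)
    for rule in unscoped:
        print(f"unscoped masquerade (use-ip-firewall={bridge_fw}): {rule}")
```
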