/interface bridge> filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept mac-protocol=arp
1 chain=input action=accept mac-protocol=ip dst-address=46.24.14.226/32 dst-port=22 ip-protocol=tcp log=yes
2 chain=input action=accept mac-protocol=ip ip-protocol=icmp
3 X chain=input action=accept mac-protocol=ip dst-port=53 ip-protocol=udp
4 X chain=input action=drop log=yes
5 chain=forward action=accept mac-protocol=arp
6 chain=forward action=accept in-interface=WAN out-interface=Serverraum1 mac-protocol=ip dst-address=46.24.14.233/32
7 chain=forward action=accept in-interface=Serverraum1 out-interface=WAN mac-protocol=ip src-address=46.24.14.233/32
8 chain=forward action=accept in-interface=WAN out-interface=BSW mac-protocol=ip dst-address=46.24.14.238/32
9 chain=forward action=accept in-interface=BSW out-interface=WAN mac-protocol=ip src-address=46.24.14.238/32
10 chain=forward action=accept in-interface=WAN out-interface=ESV mac-protocol=ip dst-address=46.24.14.237/32
11 chain=forward action=accept in-interface=ESV out-interface=WAN mac-protocol=ip src-address=46.24.14.237/32
12 chain=forward action=drop log=yes
13 chain=output action=accept mac-protocol=ip src-address=46.24.14.226/32
14 chain=output action=accept mac-protocol=arp
15 chain=output action=drop log=yes
/interface bridge> settings print
use-ip-firewall: yes
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
allow-fast-path: no
bridge-fast-path-active: no
bridge-fast-path-packets: 0
bridge-fast-path-bytes: 0
bridge-fast-forward-packets: 0
bridge-fast-forward-bytes: 0
/interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload
# INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZON
0 H WAN bridge1 yes 1 0x80 10 10 none
1 H Serverraum1 bridge1 yes 1 0x80 10 10 none
2 H Serverraum2 bridge1 yes 1 0x80 10 10 none
3 I H BSW bridge1 yes 1 0x80 10 10 none
4 I H ESV bridge1 yes 1 0x80 10 10 none
/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 S BSW ether 1500 1592 10218 B8:69:F4:88:C9:26
1 S ESV ether 1500 1592 10218 B8:69:F4:88:C9:27
2 RS Serverraum1 ether 1500 1592 10218 B8:69:F4:88:C9:1E
3 RS Serverraum2 ether 1500 1592 10218 B8:69:F4:88:C9:1F
4 RS WAN ether 1500 1592 10218 B8:69:F4:88:C9:32
From my isp i get the subnet 46.24.14.234/28 without an transer ip, so i need an filtered bridge on my mikrotik firewall to use the public ipv4 on devices behind the mikrotik firewall.
My goal is to limit the ip usage per port.
46.24.14.225/28 = gateway from isp
46.24.14.226/28 = system ip mikrotik
46.24.14.233/28 = device on port Serverraum 1
46.24.14.237/28 = device on port ESV
46.24.14.238/28 = device on port BSW
I try to force the devices to use the mikrotik (46.24.14.236/28) as default gateway an not the isp gateway.
In addition i want to enforce that the device on Port Serverraum 1 can only use the ip 46.24.14.233/28, device on port ESV 46.24.14.237/28 and so on.
Can someone give me some tips?