Hello,
I’m new here, so first and foremost my greetings to you.
I just got a RouterBoard 450G, and I'm hoping to solve an issue I'm having. I've been spending a week now trying to find a solution, but I'm out of luck.
What I want to achieve is the following (image below):
- On port 4 I have all my internal network, and on port 1 is the router of my ISP (cable modem with integrated router).
- The cable modem already uses NAT, so I can define the network address of my internal network myself. This one's 192.168.10.1/24.
- On port 1, which is connected to this cable modem, I've set up the address 192.168.10.2, and am running NAT on it as well. So I'm running a double NAT, which is what I want.
- The internal network on the RouterBoard, that is, ports 2, 3 and 4, lives in the network 10.0.0.0/8; they are all bridged together, and port 5 is free to be used for recovery.
- Port 4 is connected to a switch, to which all the devices are connected.
Up to this point everything works fine; I'm also able to do NAT hairpinning.
- I've got a Home Server with 3 NICs on it. NIC 1 and 2 are connected to RouterBoard ports 2 and 3 respectively, each one with its own IP address, and a small public server is hosted on it. I'm able to access this server from the internet via the NAT hairpin.
Now here comes the problem:
On the Home Server I've got a VM running Sophos UTM. It is set up to be in bridged mode, so that I can use it in fully transparent bridge mode (all IPs are preserved, no client-side configuration required).
What I want to do is to make some devices, which are listed in an IP address list, not pass through the UTM (enter port 4, exit port 1), while those which are not listed should pass through the UTM in order to filter their content (enter port 4, exit port 3, content filter, enter port 2, exit port 1).
I'm having trouble with this. I can't route the traffic through the UTM. The entire approach is kind of a mystery to me, and I can't get it to work. The idea is shown in the figure; I just don't know how to get it to work, or how I have to configure the RouterBoard.
The UTM works fine by itself if I really bridge two networks with it, and the RouterBoard works fine when the UTM is disconnected (when at least one port of the VM is disabled). What kind of routes will I need to create, which bridges, which gateways, etc.? This is still too difficult for me.
Feel free to ask for more info; any help is appreciated.
Kind regards,
Dan
