Public IP Firewall with Bridging Wan Interface

georgios · September 24, 2018, 10:03pm

Helllo,

In order to assign directly Public IP on my Servers and Have FIREWALL with Mikrotik, I follow this tutorial https://www.youtube.com/watch?v=c91uXBF22n4&t=711s

I take two interface :
ETH_WAN : my Internet Provider delivering me /27 (30 publics IP)
ETH_VLANx: Special VlanX created on the Switch to put all my server / Public IP filtered

I did a “BRIDGE” with ETH_WAN and ETH_VLANx

I setup IP/Firewall with “FORWARDING” (drop or accept Traffic) from this BRIDGE.

One a our server does not accept the DSTNAT Translation because of too strange streaming IIS server…and It’s helpful for some configurations.

My questions are:

are they any better option to assign Public IP with Mikrotik Firewall rules? like Bridge/Filters?
to you suggest a better setup?

many thanks

Sob · September 24, 2018, 10:59pm

It’s not exactly clear what you want and what doesn’t work. The point of bridging config is to give public addresses directly to internal devices. But you complain about some dstnat, where did that come from?

georgios · September 25, 2018, 11:33am

Yes I could like to give access directly to servers. / I do not want to do any DSNAT.

But in the same tim I would like also to do transparent “firewalling” with the bridge.

I currently did it with two ETH interfaces and IP/Firewall.

Is this the best way ? or should I use Bridge/Firewall?

many thanks.

Sob · September 26, 2018, 12:54am

If you mean that you had NAT before and changed it to bridging to get rid of it, then it makes sense.

What to say about it, it works. Bridge firewall is a little more low-level. It could be used for some purposes, but it won’t give you things like connection states and other extras.

Another approach could be using proxy-ARP, but I can’t say in what sense it would be clearly better.