Hi all,
Have been playing with Mikrotiks for a few months now, and had a query.
I've been allocated a range of public IPs (for the sake of this, let's say 194.0.0.2-194.0.0.14, with .1 as the gateway).
If I wanted to pass one of these public IPs through the Mikrotik on a VLAN to another router, but have some control of the traffic (queues), am I correct in saying I would put the WAN & VLAN in a bridge?
See demo code below; is this the right (or ideal) way of doing things?
Thanks
J
/interface bridge
add name=bridge-lan
add name=bridge-wan
/interface vlan
add interface=bridge-lan name=vlan10-testvlan vlan-id=10
/queue simple
add limit-at=5M/5M max-limit=5M/5M name=test-queue target=194.0.0.4/32 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/interface bridge port
add bridge=bridge-wan interface=ether1-wan
add bridge=bridge-wan interface=vlan10-testvlan
add bridge=bridge-lan interface=ether2
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether4
add bridge=bridge-lan interface=ether5
add bridge=bridge-lan interface=ether6
add bridge=bridge-lan interface=ether7
add bridge=bridge-lan interface=ether8
add bridge=bridge-lan interface=ether9
add bridge=bridge-lan interface=ether10
/ip address
add address=194.0.0.2/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.3/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.4/28 comment="Disabled as used for test passthrough" disabled=yes interface=bridge-wan network=194.0.0.0
add address=194.0.0.5/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.6/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.7/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.8/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.9/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.10/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.11/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.12/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.13/28 interface=bridge-wan network=194.0.0.0
add address=194.0.0.14/28 interface=bridge-wan network=194.0.0.0
add address=10.1.99.254/24 interface=bridge-lan network=10.1.99.0
/ip firewall address-list
add address=194.0.0.4 comment="Passthrough IP" list=PTIP
/ip firewall filter
add action=drop chain=forward comment="Drop incoming packets that are not NATted" connection-nat-state=!dstnat connection-state=new in-interface=bridge-wan log-prefix=!NAT src-address-list=!PTIP
add action=accept chain=forward comment="Accept DstNAT" connection-nat-state=dstnat
add action=accept chain=input comment="Accept Input Est Rel" connection-state=established,related
add action=accept chain=forward comment="Accept Forward Est Rel" connection-state=established,related
add action=accept chain=input comment="Accept Input LAN" src-address=10.1.99.254/24
add action=accept chain=forward comment="Accept Forward LAN" src-address=10.1.99.254/24
add action=accept chain=input comment="Accept Input Passthrough" src-address-list=PTIP
add action=accept chain=forward comment="Accept Forward Passthrough" src-address-list=PTIP
add action=drop chain=input comment="Drop Input"
add action=drop chain=forward comment="Drop Forward"
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log-prefix=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge-wan
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=194.0.0.1
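
As an added example, not part of the original post: a small Python check over a RouterOS export that flags filter rules referencing an address list that is never defined, and rules placed after an unconditional drop or accept in the same chain. The sample export is constructed, and the parser assumes one rule per line (no backslash continuations).

```python
import re

# Constructed sample in RouterOS export syntax (not the poster's full config).
SAMPLE_EXPORT = """\
/ip firewall address-list
add address=194.0.0.4 comment="Passthrough IP" list=PTIP
/ip firewall filter
add action=drop chain=forward in-interface=bridge-wan src-address-list=!PTIPs
add action=accept chain=forward src-address-list=PTIP
add action=drop chain=forward comment="Drop Forward"
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
"""

# key=value pairs; values may be double-quoted and contain spaces.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix", "disabled"}  # never narrow a match

def parse(export):
    """Yield (menu, props) for every 'add' line under a '/menu path' header."""
    menu = None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            yield menu, {k: v.strip('"') for k, v in PAIR.findall(line)}

def audit(export):
    """Return (rule_number, message) findings for the filter table."""
    entries = list(parse(export))
    defined = {p["list"] for m, p in entries if m == "/ip firewall address-list"}
    rules = [p for m, p in entries if m == "/ip firewall filter"]
    findings, closed = [], {}  # closed: chain -> number of the rule that ends it
    for n, p in enumerate(rules, 1):
        if p.get("disabled") == "yes":
            continue
        for key in ("src-address-list", "dst-address-list"):
            name = p.get(key, "").lstrip("!")
            if name and name not in defined:
                findings.append((n, f"{key} references undefined list '{name}'"))
        chain = p.get("chain")
        if closed.get(chain):
            findings.append((n, f"unreachable: rule {closed[chain]} already ends chain '{chain}'"))
        elif p.get("action") in {"drop", "reject", "accept"} and not set(p) - NON_MATCHERS:
            closed[chain] = n
    return findings

if __name__ == "__main__":
    for rule_no, msg in audit(SAMPLE_EXPORT):
        print(f"filter rule {rule_no}: {msg}")
```

A negated match against a list with no entries (`!name`) matches every packet, so a misspelled list name in a drop rule silently widens the drop instead of raising an error.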