I am using an RB3011 and attempting to create two /22 NAT Subnets. I am able to add the addresses with their /22 subnet mask, but when I attempt to create anything larger than a /24 when setting up the DHCP server, it highlights the box red and will not allow me to continue until I change it to a /24 or lower.
Does anyone have any idea why this would happen?
Firmware version 6.32.2
Are you using the wizard, or configuring it manually?
I was configuring it via the wizard. After enabling the option that said “enable IP firewall for bridge” it allowed me to add the pool, but the even weirder part is that apparently enabling that setting murders the speed, so I turned it back off, and everything still works fine.
That is pretty weird - it’s like saying the water in the sink won’t work unless you turn on the light in the garage or something…
The IP configured on the interface itself is actually a /22 right?
Believe me… I know! I am very confused myself. Yep. I created the /22 address on the bridge interface with no issues, but the DHCP server would not allow me to create the pool larger than /24 via the DHCP setup wizard.
Now the more puzzling question (perhaps the subject for another thread), is why my performance drops to below 20MPbs (down from 1 GBPS) running a speed test when “Use IP Firewall for Bridge” is enabled, even with no rules active.
Make manual config without wizzard.
not really weird as conntrack breaking forwarding in case “non established” dropping in RouterOS, while in other platforms its ~ works.
p.s. by default its popular to have combo of "allowing 2x “established”&“related” in both input and forwarding and 2x separately dropping rules in same chains, ie 2x more rules, than necessary, which is IMO redundant and weird.