Hi, I'm new here but have been using RouterBOARD model 750 with firmware 2.41 for some time.
I can't get it to do something which I perceive to be incredibly simple - it's my failing.
The essence of what I'm trying to do is: a firewall within a LAN. I have a modem/gateway which I can't change, but its firewall is inadequate, so I'm trying to use the ROS as kind of an inline filter to further protect some servers.
The modem/gateway does DHCP and DNS etc. I want all my computers to be on the same IP pool and visible to each other, but I want 2 (potentially various) servers to have additional protection behind the Mikrotik.
As far as I can tell I shouldn't need NAT as I'm not really concealing IP addresses.
I have 4 ether interfaces in a bridge for the 'private' side, and ether1 is connected to the public side (but is not literally public). I have a static IP address reserved for DHCP client on the public side, which allows me to connect fine.
I have tried (and disabled) various firewall rules on the input and forward chains, which I have tested in various states of enablement. Nothing works right no matter what filter rules are applied: either nothing gets through at all or everything gets through unfiltered.
It appears no packets ever hit the forward chain.
I heard that I might still need NAT, despite not really trying to hide addresses, so I tried it with srcnat masquerade on ether1 - that didn't work. I also tried various dstnat configurations, all of which failed. Most advice on the forums seems to be for newer models as some features (e.g. in-address-list, fasttrack) seem to be unavailable, so that makes it tricky. Also, this model appears to not have distinct srcnat and dstnat chains (or pre- / post- whatever), it just has: input, output and forward.
Can someone please advise on the basic steps that are essential for this configuration and for this model? I'm sure it must be really simple (especially as I've tried this with all firewall rules disabled), but I just can't fathom it!
Thanks in advance.