I have an RB2011, a VDSL connection and the modem is connected via an ethernet cable on eth6 port. This port acts as WAN and is not assigned to any bridge. I am also using a PPPoE client on eth6 to get an IP address from my ISP and give internet to the Routerboard and its LAN.
Also, my ISP requires a second device/router/VoIP gateway to be online, named "Speedport", for some services like VoIP ATA, heartbeat, ACS-TR069 and FonSpot. This device also uses PPPoE to get an IP address from my ISP. I don't want to connect the Speedport directly to the VDSL modem, because I want to limit the max speed it can get from my DSL line. At the same time, I don't want to give Speedport ANY network access to my LAN traffic and sensitive information. So I thought that a good idea was to:
Make a new bridge "BridgeSpeedport" and assign two ports: eth7 connected to Speedport's WAN port, and eth8 connected via a new ethernet cable to the second ethernet port of my modem, so they can communicate and establish the PPPoE connection. Then I made a Simple Queue with target eth7 and set max limits, and it works!
But despite the fact that Speedport uses the PPPoE protocol and not DHCP or a static IP, all of its traffic goes through my /ip firewall filter and I can see all of Speedport's connections (tcp/udp/vpn/sip) through /ip firewall connection.
Using Torch on eth7 port, I can only see Eth. Protocol 8864 (pppoe) and no IP connections.
I can't understand why, so firstly I'm sure that the IP Filter rules are also applied to Speedport's connection and I don't want to break any of its communications, but also I don't know if I messed it up and Speedport can now listen to my LAN traffic, on Layer3 or Layer2.
Could anyone explain this situation to me and suggest any other way to do this?
Thank you in advance,