ShelbyChase
just joined
Topic Author
Posts: 2
Joined: Thu Apr 16, 2020 2:20 pm

Public IP routing

Thu Apr 16, 2020 2:46 pm

I am currently trying to deploy a CCR1036-12G-4S in my data center as the core router. I am trying to get several devices to use my public IPs. I have tried just about every suggestion but nothing seems to work correctly.

I have a /28 subnet from the datacenter.
I assigned the 1st usable IP to Eth1 and set it up for internet access accordingly.
I have then put ports 1,2,3 & 4 in the same bridge.
Then ports 5-12 in another and set them up as my LAN and setup DHCP.

My public servers are on ports 2-4. This setup seems to work at 1st but it is not very stable. Either my LAN will not route to the internet, or it uses the wrong IP, or the public IPs will not route.

I am looking for the Proper!! way to do this. I currently have a switch in front of the router and my public IPs work fine.

Essentially I want the MikroTik to act as the firewall and I want to be able to monitor the traffic as well. I have seen several suggestions that suggest proxy-arp and putting them in the same bridge. None seem to work!
 
sindy
Forum Guru
Posts: 11567
Joined: Mon Dec 04, 2017 9:19 pm

Re: Public IP routing

Thu Apr 16, 2020 3:15 pm

Have you got only the public subnet from the datacenter, so you have to waste one address for the gateway at their side and another one for each of the devices on yours, which includes at least one for the Mikrotik itself, or did they give you an interconnect subnet so all the /28 is yours?
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Public IP routing

Fri Apr 17, 2020 12:21 am

If I understand your request correctly, you have multiple public IPs available at your WAN port, you have several public servers on your LAN, and you want each of those servers to be accessible from and to use one and only one of those public IPs permanently.

If this is so, the configuration is mostly straightforward:

In /ip address, assign each of the public IPs separately (do not try to use a range) to the WAN port; e.g., 5.5.5.1/28, 5.5.5.2/28, 5.5.5.3/28, etc.

Assign each of your servers a static IP on your LAN, using either static IP on that server or reserved DHCP on the router; e.g., 192.168.1.100. 192.168.1.101, etc. (here, assuming your bridge is something like 192.168.1.0/24).

In /ip firewall nat, use destination NAT to translate each unique public IP to the desired corresponding private IP (two rules each); e.g.:
/ip firewall nat add chain=dstnat dst-address=5.5.5.1 action=dst-nat to-addresses=192.168.1.100 
/ip firewall nat add chain=srcnat src-address=192.168.1.100 action=src-nat to-addresses=5.5.5.1

Hope this is what you wanted.
 
bgp4
just joined
Posts: 22
Joined: Thu Nov 07, 2019 3:48 am
Location: Singapore

Re: Public IP routing

Fri Apr 17, 2020 7:54 am

I think you can try this way:
/interface bridge
add name=LAN-bridge
add name=WAN-bridge

/interface bridge port
add bridge=WAN-bridge interface=ether1
add bridge=WAN-bridge interface=ether2
add bridge=WAN-bridge interface=ether3
add bridge=WAN-bridge interface=ether4
add bridge=LAN-bridge interface=ether5
add bridge=LAN-bridge interface=ether6
add bridge=LAN-bridge interface=ether7
add bridge=LAN-bridge interface=ether8
add bridge=LAN-bridge interface=ether9
add bridge=LAN-bridge interface=ether10
add bridge=LAN-bridge interface=ether11
add bridge=LAN-bridge interface=ether12

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

/interface list member
add interface=LAN-bridge list=LAN
add interface=WAN-bridge list=WAN

/ip address
add address=x.x.x.x/28 interface=WAN-bridge network=x.x.x.0
add address=192.168.0.1/24 interface=LAN-bridge network=192.168.0.0
All of your physical ports are Layer 2 ports; WAN-bridge and LAN-bridge are Layer 3 ports.
Just have a try, I didn't test it. :)
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Public IP routing

Fri Apr 17, 2020 9:37 pm

> I think you can try this way:
> Just have a try, I didn't test it. :)

Nothing in your example addresses his public IP issue.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Public IP routing

Sat Apr 18, 2020 2:35 am

Maybe what you are trying is to make your servers accessible through the public IPs?
If yes then 1:1 NAT is what you should use ...

However, there is no need to add all those ports 1-4 inside a bridge...
What I would do is:
/ip address
add address=10.10.10.2/28 interface=ether1 network=10.10.10.0
add address=10.10.10.3/28 interface=ether2 network=10.10.10.0
add address=10.10.10.4/28 interface=ether3 network=10.10.10.0
add address=10.10.10.5/28 interface=ether4 network=10.10.10.0
I do not add any of those ports 1-4 to any bridge !!!
Eth1 will be used as my WAN port, so I will add my firewall NAT rule and src-nat all the traffic going out of the eth1...

Then in Firewall Nat, where my server is at e.g. 192.168.1.10 :
/ip firewall nat
add action=src-nat chain=srcnat src-address=192.168.1.10 to-addresses=\
    10.10.10.3
add action=dst-nat chain=dstnat dst-address=10.10.10.3 to-addresses=\
    192.168.1.10
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=10.10.10.2
Notice that in my NAT rules the eth1, my WAN port where all other traffic is going out to the Internet, is at the end...
What I've done so far is translate my eth1 to my public WAN IP and my servers each one to their own public IPs...

In case you do not want each server to have its own public IP, then simply add your static public IP at your eth1, do not add it inside any bridge...
Create your routes, nat rules etc. and you are ready... eth1 will be your WAN port and the rest of the ports can be added inside a Bridge...
 
bgp4
just joined
Posts: 22
Joined: Thu Nov 07, 2019 3:48 am
Location: Singapore

Re: Public IP routing

Sat Apr 18, 2020 10:13 am

> > I think you can try this way:
> > Just have a try, I didn't test it. :)
>
> Nothing in your example addresses his public IP issue.
Can you explain why ?
 
macsrwe
Forum Guru
Posts: 1011
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA

Re: Public IP routing

Sat Apr 18, 2020 11:22 pm

The original problem is to take a very limited number of public IPs and serve a data center (many devices), only a few of which he wants to be directly accessible from the outside. That requires a NATted LAN. That requires /ip firewall nat entries.
 
ShelbyChase
just joined
Topic Author
Posts: 2
Joined: Thu Apr 16, 2020 2:20 pm

Re: Public IP routing

Sun Apr 19, 2020 4:56 pm

The public devices are assigned Public Devices directly. I am trying to separate them from my private LAN completely. The only way I have been able to make it work was to put them into their own bridge. However, it did not work well at all. The servers could not communicate correctly with each other at all. I assume it has something to do with broadcast perhaps. I am not sure.
When I use a switch in front of the router things work properly. These servers are for VoIP. It is important that there is no NAT involved.

To further complicate things. I would also like to have some sort of redundancy routing. I plan on adding a 2nd router or using a switch for VRRP. I am not sure what the best way to go about that yet either.

So I have a /28 subnet, for example:

10.10.0.1 Gateway
10.10.0.1 HSRP 1
10.10.0.2 HSRP 2 (This is a Cisco protocol, I know. Just using this because this is what the datacenter provides us. I cannot use them, I assume.)

10.10.0.3 is my gateway assigned for the local lan
The local LAN is 192.168.0.0/24

10.10.0.4 is server 1
10.10.0.5 is server 2
10.10.0.6 is server 3

I assume to use VRRP I will need a 2nd router or perhaps a switch and 2 routers.

The data center provides 2 connections for a primary and secondary connection. I can use either but only one will route at a time. I am not sure if it is even possible to have true router redundancy without using Cisco equipment.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Public IP routing

Sun Apr 19, 2020 6:08 pm

> The public devices are assigned Public Devices directly
Your implementation is wrong anyway...
You assigned an address to eth1 and then you put it in a bridge with some other ports... What's the point?
Post #6 shows how you assign addresses on interfaces and how you can make those public by using 1:1 NAT... Or even what you should do in case the /28 subnet you got is intended to be used only for 1 WAN interface and all the servers would be accessible through that specific public IP, but you have not provided any further details on that...
 
sindy
Forum Guru
Posts: 11567
Joined: Mon Dec 04, 2017 9:19 pm

Re: Public IP routing

Sun Apr 19, 2020 8:46 pm

> The public devices are assigned Public Devices directly. I am trying to separate them from my private LAN completely. The only way I have been able to make it work was to put them into their own bridge. However, it did not work well at all. The servers could not communicate correctly with each other at all. I assume it has something to do with broadcast perhaps. I am not sure.
> When I use a switch in front of the router things work properly. These servers are for VoIP. It is important that there is no NAT involved.
From what you wrote in this post I understand there is no interconnection subnet, so without VRRP/HSRP, one address out of the /28 is used as the router at datacenter side, so you are left with only 13 addresses you can actually use, since the network address, the broadcast address and a gateway address are occupied. And depending on the equipment the DC uses, use of HSRP/VRRP may require another two IP addresses from the subnet to be used by the physical routers at their side.

You've also stated that you want to use Mikrotik as a firewall standing between those servers and the internet. The only way to insert Mikrotik's stateful firewall into the path between the gateway provided by the DC and your servers is to have the uplink at one member port of a bridge and the servers on another one(s), and set /interface bridge settings set use-ip-firewall=yes. This will make packets forwarded from one bridge port to another be inspected by the IP firewall rather than (or maybe in addition to? Haven't tested that yet) the bridge filter and bridge nat rules. But doing so means that the IP firewall will also handle the traffic among your servers in that subnet, so it must be configured accordingly. More than that, this setting is common to all bridges, so you'll also have to add rules to the IP firewall which will allow the devices connected to the LAN bridge to talk to each other if necessary. If you don't need the stateful firewall and can live with a stateless one, without address lists etc., the bridge rules may be sufficient. Not knowing your requirements, it is hard to guess.

> To further complicate things. I would also like to have some sort of redundancy routing. I plan on adding a 2nd router or using a switch for VRRP. I am not sure what the best way to go about that yet either.
> ...
> I assume to use VRRP I will need a 2nd router or perhaps a switch and 2 routers.
> ...
> The data center provides 2 connections for a primary and secondary connection. I can use either but only one will route at a time. I am not sure if it is even possible to have true router redundancy without using Cisco equipment.
VRRP/HSRP is an L3 redundancy mechanism, which means that all the members of the VRRP group must be in the same subnet and L2 segment. Hence a combination of two physical uplinks with VRRP must include also some kind of L2 redundancy, such as STP. If that is the case, you can use two Mikrotik CCR at your end as well. Provided that each of the servers on public IPs has two network interfaces which can be configured for bonding or teaming with a preference of one link, the VRRP L3 redundancy provided by the DC will be enough for these servers. The requirement to use only one uplink at a time will be fulfilled automatically as the STP works like that.

Providing redundancy for the LAN devices, however, requires the two Mikrotiks to run VRRP too, as the traffic to the LAN subnet will be routed via Mikrotik's public address. Mikrotik's implementation of VRRP allows that a different subnet on the same L2 segment is used for the VRRP communication between the physical routers, so if the DC doesn't mind having a private subnet in the same (V)LAN where the public one for you is running, you can still use only the virtual IP as a public one; if you have to use public IPs for the physical routers, two more are gone.

If the DC runs VRRP too, it is important to assign a different VRRP group ID to the Mikrotiks to avoid conflict.

To provide redundancy to the LAN hosts, another instance of VRRP must be running on the LAN subnet; you'll have to either use a script to let the VRRP at the LAN side track the one at the WAN side, or create a link subnet between the two Mikrotiks so that traffic for the LAN subnet received by the one which is active VRRP-wise on WAN could be delivered via the second one which is active VRRP-wise on the LAN.

Another way to provide redundancy using two Mikrotiks is to use @nathan1's High Availability setup rather than STP and VRRP at your side.

But whichever way you choose will be affected by the absence of a way to synchronize the connection tracking table between two routers in RouterOS. Which is another reason to use stateless firewall for the production traffic if possible.
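The bridge-plus-use-ip-firewall layout sindy describes above, written out as an added example in RouterOS v6 syntax; it is not configuration posted in this thread or shipped by MikroTik. Bridge names, the address list name and the SIP/RTP ports are assumptions; addresses and port assignments follow the OP's description.

```routeros
# Added example, not from the thread: the layout sindy describes, RouterOS v6 syntax.
# Assumed names: bridge-public (ether1 = DC uplink, ether2-4 = VoIP servers),
# bridge-lan (ether5-12), address list voip-servers. Addresses follow the OP's
# example: 10.10.0.0/28 public, 10.10.0.1 DC gateway, 10.10.0.3 router,
# 10.10.0.4-6 servers, 192.168.0.0/24 LAN. SIP/RTP ports are placeholders.
/interface bridge
add name=bridge-public
add name=bridge-lan
/interface bridge port
add bridge=bridge-public interface=ether1
add bridge=bridge-public interface=ether2
add bridge=bridge-public interface=ether3
add bridge=bridge-public interface=ether4
:for i from=5 to=12 do={/interface bridge port add bridge=bridge-lan interface=("ether" . $i)}
/ip address
add address=10.10.0.3/28 interface=bridge-public
add address=192.168.0.1/24 interface=bridge-lan
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.0.1
# Global switch: frames forwarded between ports of ANY bridge now pass the IP
# firewall, so the rules below must also permit the server-to-server and
# LAN-to-LAN traffic that a plain bridge would have forwarded unseen.
/interface bridge settings
set use-ip-firewall=yes
/ip firewall address-list
add list=voip-servers address=10.10.0.4
add list=voip-servers address=10.10.0.5
add list=voip-servers address=10.10.0.6
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# traffic inside the public segment (server<->server, server<->DC gateway)
add chain=forward in-interface=bridge-public out-interface=bridge-public \
    src-address=10.10.0.0/28 dst-address=10.10.0.0/28 action=accept
# servers may open connections outwards (SIP trunks, updates)
add chain=forward src-address-list=voip-servers out-bridge-port=ether1 action=accept
# LAN hosts: to each other across bridge-lan, and out to the Internet
add chain=forward in-interface=bridge-lan out-interface=bridge-lan action=accept
add chain=forward in-interface=bridge-lan out-interface=bridge-public action=accept
# from the uplink, only the published services reach the servers
add chain=forward in-bridge-port=ether1 dst-address-list=voip-servers \
    protocol=udp dst-port=5060 action=accept
add chain=forward in-bridge-port=ether1 dst-address-list=voip-servers \
    protocol=udp dst-port=10000-20000 action=accept
add chain=forward action=drop log=yes log-prefix=fwd-drop
# the LAN still needs source NAT behind the router's own public address
/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 out-interface=bridge-public \
    action=src-nat to-addresses=10.10.0.3
```

The logged drops are where to look when a server stops registering or a LAN host cannot reach something: with use-ip-firewall on, a forward rule that is missing shows up there rather than as a silent bridge failure.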
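The two-router VRRP arrangement from the same post, as an added example rather than anything the thread's participants posted: one router of the pair, with real public addresses for both physical routers (10.10.0.13 and 10.10.0.14 are assumed, so "two more are gone" from the /28) and the LAN-side VRRP instance tracking the WAN-side one through on-master/on-backup scripts. Bridge names, VRIDs and priorities are assumptions.

```routeros
# Added example (not from the thread): router A of a two-CCR VRRP pair.
# Assumed: bridge-public carries the DC /28, bridge-lan the 192.168.0.0/24 LAN;
# real addresses 10.10.0.13 (A) / 10.10.0.14 (B) come out of the /28, the public
# VIP 10.10.0.3 and the LAN gateway VIP 192.168.0.1 move with the master.
# Router B uses the other real addresses and a lower WAN priority (e.g. 100).
/ip address
add address=10.10.0.13/28 interface=bridge-public
add address=192.168.0.2/24 interface=bridge-lan
/interface vrrp
# vrid must differ from the HSRP/VRRP group the DC already runs on this segment.
# When this router loses WAN mastership its LAN instance lowers its own priority,
# so the LAN gateway VIP follows the router that still owns the public VIP.
add name=vrrp-wan interface=bridge-public vrid=20 priority=150 \
    on-master="/interface vrrp set [find name=vrrp-lan] priority=150" \
    on-backup="/interface vrrp set [find name=vrrp-lan] priority=50"
add name=vrrp-lan interface=bridge-lan vrid=21 priority=150
/ip address
add address=10.10.0.3/32 interface=vrrp-wan
add address=192.168.0.1/32 interface=vrrp-lan
/ip route
add dst-address=0.0.0.0/0 gateway=10.10.0.1
# LAN source NAT uses the VIP rather than the real address, so after a failover
# the new master owns the address return traffic is sent to. Connection
# tracking state itself is not synchronised between the two routers.
/ip firewall nat
add chain=srcnat src-address=192.168.0.0/24 out-interface=bridge-public \
    action=src-nat to-addresses=10.10.0.3
```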