Problem: At the remote location we want to filter internet traffic that should go through the local gateway and send it directly to the internet. The main problem here is how to pull traffic from the "bridge". Somehow I cannot manage to properly configure the "use-ip-firewall" option.
## Client config
* IP: 10.22.11.2/16
* GW: 10.22.1.1
* DNS: 10.22.1.1
## Main location
IP: 10.22.1.1/16
## REMOTE location (where Problem is)
Config export:
```
# jan/02/1970 03:01:43 by RouterOS 7.5
# software id = 2SDY-BY0I
#
# model = RB5009UG+S+
# serial number = EC190FA98E0E
/interface bridge
add fast-forward=no name=LOCAL protocol-mode=none
/interface eoip
add local-address=192.168.99.9 mac-address=02:C9:94:90:D4:E7 name=eoip-tunnel1 remote-address=192.168.99.1 tunnel-id=534
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1 private-key="AL2VEB22IIEuF9K+GtaEKJhjF87lXZEL9C3Dj/Q4sEQ="
/interface bridge port
add bridge=LOCAL hw=no interface=ether8
add bridge=LOCAL hw=no interface=ether7
add bridge=LOCAL hw=no interface=ether6
add bridge=LOCAL hw=no interface=ether5
add bridge=LOCAL interface=eoip-tunnel1
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set accept-redirects=yes accept-source-route=yes allow-fast-path=no route-cache=no secure-redirects=no tcp-syncookies=yes
/interface wireguard peers
add allowed-address=192.168.99.0/24 endpoint-address=123,234.234.234 endpoint-port=9876 interface=wireguard1 public-key="gdZXfmvAYK6TELJUr/A/MeNnnRvXGOyeB7a82xc+5BU="
/ip address
add address=10.22.11.1/16 interface=LOCAL network=10.22.0.0
add address=192.168.99.9/24 interface=wireguard1 network=192.168.99.0
/ip dhcp-client
add interface=ether1
/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=10.22.1.1 new-connection-mark=conn_gw passthrough=yes
add action=mark-packet chain=prerouting connection-mark=conn_gw new-packet-mark=pack_gw passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
```
Does anyone have an idea how to properly redirect "internet traffic" to the local gateway? Thanks for any tips & tricks.