All,
This seems like it should work. I feel I am close but no cigar yet ;)
I want to take two ports (1 and 2) on a 750 and bridge them so two devices can
get a public IP from the /29 subnet assigned by ATT. This works. One device is
the Mikrotik and the second is a music player. I want to take the remaining
three ports (3 - 5) and use them in another bridge and have them receive a
private IP from the Mikrotik (192.168.88.0/24) - This works. Only problem now
is the private IP devices cannot get to the internet via NAT. What must I do?
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=65535 \
max-message-age=20s mtu=1500 name=loopback1 priority=0x8000
protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=1598 max-message-age=\
20s mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none
transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=1598 max-message-age=\
20s mtu=1500 name=bridge2 priority=0x8000 protocol-mode=none
transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
00:0C:42:FF:64:2D master-port=none mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
00:0C:42:FF:64:2E master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
00:0C:42:FF:64:2F master-port=none mtu=1500 name=ether3 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
00:0C:42:FF:64:30 master-port=none mtu=1500 name=ether4 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
00:0C:42:FF:64:31 master-port=none mtu=1500 name=ether5 speed=100Mbps
/ip pool
add name=default-dhcp ranges=192.168.88.11-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay
bootp-support=static disabled=no interface=bridge2 lease-time=4h \
name=default
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether1 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether2 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether3 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether4 path-cost=10 point-to-point=auto \
priority=0x80
add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether5 path-cost=10 point-to-point=auto \
priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip address
add address=192.168.88.1/24 comment=5.1.0.3 disabled=no interface=bridge2
network=192.168.88.0
add address=5.1.0.3/32 disabled=no interface=loopback1 network=5.1.0.3
/ip dhcp-client
add add-default-route=yes default-route-distance=0 disabled=no
interface=bridge1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dhcp-option=""
dns-server=208.67.220.220,208.67.222.222 gateway=\
192.168.88.1 ntp-server="" wins-server=""
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp
src-address=216.231.192.0/20
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp
src-address=216.231.207.0/24
add action=drop chain=input comment="default configuration" disabled=no
in-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no
out-interface=bridge2 src-address=192.168.88.0/24 \
to-addresses=0.0.0.0
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.butchevans.com/pipermail/mikrotik/attachments/20141024/6914287b/attachment.html>
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik
Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
