Try changing the NAT rule out interface to bridge 1 (the one with the public addresses).
Or remove the out interface rule unless you want to NAT bypass some traffic.

Regards
Alexander

Alexander Neilson
Neilson Productions Ltd
[email protected]
021 329 681

> On 25/10/2014, at 10:54 am, Roy, Jerry <[email protected]> wrote:
>
> All,
>
> This seems like it should work. I feel I am close but no cigar yet ;)
>
> I want to take two ports (1 and 2) on a 750 and bridge them so two devices
> can get a public IP from the /29 subnet assigned by ATT. This works. One
> device is the Mikrotik and the second is a music player. I want to take the
> remaining three ports (3 - 5) and use them in another bridge and have them
> receive a private IP from the Mikrotik (192.168.88.0/24) - This works. Only
> problem now is the private IP devices cannot get to the internet via NAT.
> What must I do?
>
>
> /interface bridge
> add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
> disabled=no forward-delay=15s l2mtu=65535 \
> max-message-age=20s mtu=1500 name=loopback1 priority=0x8000
> protocol-mode=none transmit-hold-count=6
> add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
> disabled=no forward-delay=15s l2mtu=1598 max-message-age=\
> 20s mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none
> transmit-hold-count=6
> add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
> disabled=no forward-delay=15s l2mtu=1598 max-message-age=\
> 20s mtu=1500 name=bridge2 priority=0x8000 protocol-mode=none
> transmit-hold-count=6
> /interface ethernet
> set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
> disabled=no full-duplex=yes l2mtu=1598 mac-address=\
> 00:0C:42:FF:64:2D master-port=none mtu=1500 name=ether1 speed=100Mbps
> set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
> disabled=no full-duplex=yes l2mtu=1598 mac-address=\
> 00:0C:42:FF:64:2E master-port=none mtu=1500 name=ether2 speed=100Mbps
> set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
> disabled=no full-duplex=yes l2mtu=1598 mac-address=\
> 00:0C:42:FF:64:2F master-port=none mtu=1500 name=ether3 speed=100Mbps
> set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
> disabled=no full-duplex=yes l2mtu=1598 mac-address=\
> 00:0C:42:FF:64:30 master-port=none mtu=1500 name=ether4 speed=100Mbps
> set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited
> disabled=no full-duplex=yes l2mtu=1598 mac-address=\
> 00:0C:42:FF:64:31 master-port=none mtu=1500 name=ether5 speed=100Mbps
> /ip pool
> add name=default-dhcp ranges=192.168.88.11-192.168.88.254
> /ip dhcp-server
> add address-pool=default-dhcp authoritative=after-2sec-delay
> bootp-support=static disabled=no interface=bridge2 lease-time=4h \
> name=default
> /interface bridge port
> add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
> interface=ether1 path-cost=10 point-to-point=auto \
> priority=0x80
> add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
> interface=ether2 path-cost=10 point-to-point=auto \
> priority=0x80
> add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
> interface=ether3 path-cost=10 point-to-point=auto \
> priority=0x80
> add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
> interface=ether4 path-cost=10 point-to-point=auto \
> priority=0x80
> add bridge=bridge2 disabled=no edge=auto external-fdb=auto horizon=none
> interface=ether5 path-cost=10 point-to-point=auto \
> priority=0x80
> /interface bridge settings
> set use-ip-firewall=no use-ip-firewall-for-pppoe=no
> use-ip-firewall-for-vlan=no
> /ip address
> add address=192.168.88.1/24 comment=5.1.0.3 disabled=no interface=bridge2
> network=192.168.88.0
> add address=5.1.0.3/32 disabled=no interface=loopback1 network=5.1.0.3
> /ip dhcp-client
> add add-default-route=yes default-route-distance=0 disabled=no
> interface=bridge1 use-peer-dns=yes use-peer-ntp=yes
> /ip dhcp-server config
> set store-leases-disk=5m
> /ip dhcp-server network
> add address=192.168.88.0/24 comment="default configuration" dhcp-option=""
> dns-server=208.67.220.220,208.67.222.222 gateway=\
> 192.168.88.1 ntp-server="" wins-server=""
> add action=accept chain=input disabled=no dst-port=22,80,443,8291
> protocol=tcp src-address=216.231.192.0/20
> add action=accept chain=input disabled=no dst-port=22,80,443,8291
> protocol=tcp src-address=216.231.207.0/24
> add action=drop chain=input comment="default configuration" disabled=no
> in-interface=bridge1
> /ip firewall nat
> add action=masquerade chain=srcnat comment="default configuration"
> disabled=no out-interface=bridge2 src-address=192.168.88.0/24 \
> to-addresses=0.0.0.0
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
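
The check suggested in the reply above, written as an added example (not part of either message, and not MikroTik tooling): a small linter that reads a RouterOS export and flags masquerade rules whose out-interface is not the WAN side. It assumes the WAN interface is the one whose DHCP client installs the default route; the function names are hypothetical and the sample is trimmed from the export quoted in this thread.

```python
import re
import shlex

# Constructed sample: trimmed from the export quoted in this thread.
SAMPLE_EXPORT = r'''
/ip address
add address=192.168.88.1/24 interface=bridge2 network=192.168.88.0
/ip dhcp-client
add add-default-route=yes disabled=no interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=bridge2 src-address=192.168.88.0/24
'''

def parse_export(text):
    """Return a list of (menu, {key: value}) for each add/set line."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join "\" continuation lines
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line                      # e.g. "/ip firewall nat"
        elif line.startswith(("add ", "set ")):
            tokens = shlex.split(line)[1:]   # honours quoted values
            items.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return items

def wan_interfaces(items):
    """Assumption: WAN = interface whose DHCP client adds the default route."""
    return {kv["interface"] for menu, kv in items
            if menu == "/ip dhcp-client"
            and kv.get("add-default-route") == "yes"
            and kv.get("disabled", "no") == "no"}

def check_masquerade(text):
    """Flag masquerade rules pinned to an interface that is not the WAN side."""
    items = parse_export(text)
    wan = wan_interfaces(items)
    findings = []
    for menu, kv in items:
        if menu != "/ip firewall nat" or kv.get("action") != "masquerade":
            continue
        out = kv.get("out-interface")        # None means no interface match
        if out is not None and out not in wan:
            findings.append(f"masquerade out-interface={out}, expected one of {sorted(wan)}")
    return findings

if __name__ == "__main__":
    for finding in check_masquerade(SAMPLE_EXPORT):
        print(finding)
```

A rule with no out-interface at all passes the check, matching the second option in the reply.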

