Did you enable IP firewall for the bridge?
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Mar 10, 2015 at 1:00 PM, Roy, Jerry <[email protected]> wrote: > Hi Gentlemen, > > Should I be able to Nat between two bridge interfaces? I keep getting > timed out when trying to ping 8.8.8.8 from the bridge 2 (ip 192.168.88.1) > interface. > > /ip firewall filter > add action=accept chain=input comment="Netgear Switch access" disabled=no > src-address-list="Netgear Switch Access" > add action=drop chain=input disabled=no dst-port=8443 protocol=tcp > add action=accept chain=input comment="default configuration" disabled=no > protocol=icmp > add action=accept chain=input comment="default configuration" disabled=no > dst-port=123 protocol=udp > add action=accept chain=input comment="default configuration" > connection-state=established disabled=no > add action=accept chain=input comment="default configuration" > connection-state=related disabled=no > add action=accept chain=input comment="Allow Management from MNS" > disabled=no dst-port=161 protocol=udp src-address=10.94.64.16/29 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=10.94.64.16/29 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=68.106.72.0/26 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=68.106.76.203 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=68.167.154.0/24 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=162.93.0.0/16 > add action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=216.231.192.0/20 > add action=accept chain=input comment="Used for VoIP Phone TS with Access > Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes \ > dst-port=80,443 protocol=tcp > add action=drop chain=input comment="default configuration" disabled=no > in-interface=bridge1 > /ip firewall nat > add action=masquerade chain=srcnat comment="default configuration" > disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 > to-addresses=\ > 0.0.0.0 > > Thanks, > > Jerry > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20150310/c5523a3e/attachment.html > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150310/cc1f4de7/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
