The firewall filter rules are all input, so they have no bearing on this issue. 
 The “to-addresses=0.0.0.0” looks wrong to me — at the very best it should be 
0.0.0.0/0, and at worst it shouldn’t be there at all (perhaps out-interface 
instead).  This problem would be a lot clearer if you included exports of /ip 
address and /int bridge.

On Mar 10, 2015, at 10:00 AM, Roy, Jerry <[email protected]> wrote:

> Hi Gentlemen,
> 
> Should I be able to Nat between two bridge interfaces? I keep getting timed 
> out when trying to ping 8.8.8.8 from the bridge 2 (ip 192.168.88.1) interface.
> 
> /ip firewall filter
> add action=accept chain=input comment="Netgear Switch access" disabled=no 
> src-address-list="Netgear Switch Access"
> add action=drop chain=input disabled=no dst-port=8443 protocol=tcp
> add action=accept chain=input comment="default configuration" disabled=no 
> protocol=icmp
> add action=accept chain=input comment="default configuration" disabled=no 
> dst-port=123 protocol=udp
> add action=accept chain=input comment="default configuration" 
> connection-state=established disabled=no
> add action=accept chain=input comment="default configuration" 
> connection-state=related disabled=no
> add action=accept chain=input comment="Allow Management from MNS" disabled=no 
> dst-port=161 protocol=udp src-address=10.94.64.16/29
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=10.94.64.16/29
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=68.106.72.0/26
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=68.106.76.203
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=68.167.154.0/24
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=162.93.0.0/16
> add action=accept chain=input disabled=no dst-port=22,80,443,8291 
> protocol=tcp src-address=216.231.192.0/20
> add action=accept chain=input comment="Used for VoIP Phone TS with Access 
> Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes \
>    dst-port=80,443 protocol=tcp
> add action=drop chain=input comment="default configuration" disabled=no 
> in-interface=bridge1
> /ip firewall nat
> add action=masquerade chain=srcnat comment="default configuration" 
> disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 to-addresses=\
>    0.0.0.0
> 
> Thanks,
> 
> Jerry
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://mail.butchevans.com/mailman/listinfo/mikrotik
> 
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
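
The two points raised in the reply can be checked mechanically against an export. The script below is an added example, not part of the original thread: it parses RouterOS export text (including `\` line continuations) and reports filter tables that contain only chain=input rules, plus masquerade rules that carry to-addresses or lack out-interface. The sample export is constructed from the quoted config, and `ether1` is an assumed WAN interface name.

```python
import shlex

# Constructed sample based on the quoted export; ether1 is an assumed name.
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=drop chain=input comment="default configuration" in-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 to-addresses=\
    0.0.0.0
add action=masquerade chain=srcnat out-interface=ether1 src-address=192.168.88.0/24
'''

def parse_export(text):
    """Return [(menu, {param: value})] for every 'add' line in an export."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line   # glue continuation lines
        elif line:
            joined.append(line)
    rules, menu = [], None
    for line in joined:
        if line.startswith("/"):
            menu = line                            # e.g. "/ip firewall nat"
        elif line.startswith("add "):
            toks = shlex.split(line)[1:]           # honours quoted comments
            rules.append((menu, dict(t.split("=", 1) for t in toks if "=" in t)))
    return rules

def review(rules):
    """Apply the two checks from the reply and return a list of findings."""
    findings = []
    filt = [p for m, p in rules if m == "/ip firewall filter"]
    if filt and all(p.get("chain") == "input" for p in filt):
        # input only sees packets addressed to the router itself
        findings.append("filter: only chain=input rules; forwarded traffic is not filtered here")
    for menu, p in rules:
        if menu == "/ip firewall nat" and p.get("action") == "masquerade":
            if "to-addresses" in p:
                findings.append(f"nat: masquerade carries to-addresses={p['to-addresses']}")
            if "out-interface" not in p:
                findings.append("nat: masquerade has no out-interface")
    return findings

if __name__ == "__main__":
    for finding in review(parse_export(EXPORT)):
        print(finding)
```
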
