Make sure that /interface bridge settings use-ip-firewall is set to yes.

Use the following /ip firewall nat

add action=masquerade chain=srcnat comment="default configuration" disabled=no src-address=192.168.88.0/24 out-interface=ether1

I assume ether1 is the 'outside' network interface. You also need to have an IP address on ether1 for it to be 'masqueraded to'.


On 03/10/2015 12:00 PM, Roy, Jerry wrote:
Hi Gentlemen,

Should I be able to NAT between two bridge interfaces? I keep getting timed out when trying to ping 8.8.8.8 from the bridge 2 (ip 192.168.88.1) interface.

/ip firewall filter
add action=accept chain=input comment="Netgear Switch access" disabled=no src-address-list="Netgear Switch Access"
add action=drop chain=input disabled=no dst-port=8443 protocol=tcp
add action=accept chain=input comment="default configuration" disabled=no protocol=icmp
add action=accept chain=input comment="default configuration" disabled=no dst-port=123 protocol=udp
add action=accept chain=input comment="default configuration" connection-state=established disabled=no
add action=accept chain=input comment="default configuration" connection-state=related disabled=no
add action=accept chain=input comment="Allow Management from MNS" disabled=no dst-port=161 protocol=udp src-address=10.94.64.16/29
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=10.94.64.16/29
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.106.72.0/26
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.106.76.203
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=68.167.154.0/24
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=162.93.0.0/16
add action=accept chain=input disabled=no dst-port=22,80,443,8291 protocol=tcp src-address=216.231.192.0/20
add action=accept chain=input comment="Used for VoIP Phone TS with Access Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes dst-port=80,443 protocol=tcp
add action=drop chain=input comment="default configuration" disabled=no in-interface=bridge1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 to-addresses=0.0.0.0

Thanks,

Jerry
_______________________________________________
Mikrotik mailing list
[email protected]
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
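
The three points from the reply at the top of this thread (use-ip-firewall set to yes, an out-interface on the masquerade rule, an IP address on that interface), written as a check over RouterOS export text. This is an added example, not code from the thread: the two export samples, the bridge2 name and the 203.0.113.2/30 address are constructed, and parse_export and check_bridge_nat are hypothetical helper names.

```python
import re
import shlex

def parse_export(text):
    """Return [(menu, command, props)] for the add/set lines of a RouterOS export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin backslash-continued lines
    menu, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            cmd, *tokens = shlex.split(line)
            rows.append((menu, cmd, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rows

def check_bridge_nat(text):
    """Check the reply's three points; return a list of finding strings."""
    rows = parse_export(text)
    findings = []
    if not any(m == "/interface bridge settings" and p.get("use-ip-firewall") == "yes"
               for m, _, p in rows):
        findings.append("use-ip-firewall is not set to yes under /interface bridge settings")
    addressed = {p.get("interface") for m, c, p in rows
                 if m == "/ip address" and c == "add" and p.get("disabled") != "yes"}
    for m, c, p in rows:
        # Only enabled masquerade rules are of interest here.
        if (m, c, p.get("action")) != ("/ip firewall nat", "add", "masquerade") \
                or p.get("disabled") == "yes":
            continue
        out_if = p.get("out-interface")
        if out_if is None:
            findings.append(f"masquerade rule for {p.get('src-address', 'any')} has no out-interface")
        elif out_if not in addressed:
            findings.append(f"out-interface {out_if} has no IP address to masquerade to")
    return findings

# Constructed export modelled on the NAT rule in the question.
BEFORE = r'''/ip firewall nat
add action=masquerade chain=srcnat disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 to-addresses=\
    0.0.0.0
'''
# Constructed export after the reply's changes; 203.0.113.2/30 is a placeholder.
AFTER = r'''/interface bridge settings
set use-ip-firewall=yes
/ip address
add address=192.168.88.1/24 interface=bridge2
add address=203.0.113.2/30 interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat disabled=no src-address=192.168.88.0/24 out-interface=ether1
'''
```

check_bridge_nat(BEFORE) reports the missing bridge setting and the missing out-interface; check_bridge_nat(AFTER) returns an empty list. An address that the outside interface gets from a DHCP client is dynamic and does not appear under /ip address in an export, so in that case the "no IP address" finding means checking the running router.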
