I did now, but same issue.
Jerry Roy 949.681.5054 jerry....@toltsolutions.com -----Original Message----- From: mikrotik-boun...@mail.butchevans.com [mailto:mikrotik-boun...@mail.butchevans.com] On Behalf Of Josh Luthman Sent: Tuesday, March 10, 2015 10:03 AM To: Mikrotik discussions Subject: Re: [Mikrotik] Nat a bridge interface? Did you enable IP firewall for the bridge? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, Mar 10, 2015 at 1:00 PM, Roy, Jerry <jerry....@toltsolutions.com> wrote: > Hi Gentlemen, > > Should I be able to Nat between two bridge interfaces? I keep getting > timed out when trying to ping 8.8.8.8 from the bridge 2 (ip > 192.168.88.1) interface. > > /ip firewall filter > add action=accept chain=input comment="Netgear Switch access" > disabled=no src-address-list="Netgear Switch Access" > add action=drop chain=input disabled=no dst-port=8443 protocol=tcp add > action=accept chain=input comment="default configuration" disabled=no > protocol=icmp add action=accept chain=input comment="default > configuration" disabled=no > dst-port=123 protocol=udp > add action=accept chain=input comment="default configuration" > connection-state=established disabled=no add action=accept chain=input > comment="default configuration" > connection-state=related disabled=no > add action=accept chain=input comment="Allow Management from MNS" > disabled=no dst-port=161 protocol=udp src-address=10.94.64.16/29 add > action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=10.94.64.16/29 add action=accept chain=input > disabled=no dst-port=22,80,443,8291 protocol=tcp > src-address=68.106.72.0/26 add action=accept chain=input disabled=no > dst-port=22,80,443,8291 protocol=tcp src-address=68.106.76.203 add > action=accept chain=input disabled=no dst-port=22,80,443,8291 > protocol=tcp src-address=68.167.154.0/24 add action=accept chain=input > disabled=no dst-port=22,80,443,8291 protocol=tcp > src-address=162.93.0.0/16 add action=accept chain=input disabled=no > dst-port=22,80,443,8291 protocol=tcp src-address=216.231.192.0/20 add > action=accept chain=input comment="Used for VoIP Phone TS with Access > Line VoIP provider. Must Be DISABLED at ALL times unless TS." disabled=yes \ > dst-port=80,443 protocol=tcp > add action=drop chain=input comment="default configuration" > disabled=no > in-interface=bridge1 > /ip firewall nat > add action=masquerade chain=srcnat comment="default configuration" > disabled=no dst-address=0.0.0.0/0 src-address=192.168.88.0/24 > to-addresses=\ > 0.0.0.0 > > Thanks, > > Jerry > -------------- next part -------------- An HTML attachment was > scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20150310/c55 > 23a3e/attachment.html > > > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20150310/cc1f4de7/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
