 
fmenard123
Member Candidate
Topic Author
Posts: 100
Joined: Sat Aug 02, 2008 6:43 am

Using a 750G as a network TAP / multiWAN interfaces

Sat Jan 16, 2010 2:55 pm

I am trying to configure a multiport WAN interface as a software bridge, such that I can have multiple hosts connecting into these ports share a single collision domain. This will allow me to have the WAN interface of my routerboard act as a Torch/Network Tap for purposes of Ethereal, SIP Tracing, Intrusion Detection, etc. with an external host doing such functions.

The Cable Modem connected to one of these ports will assign multiple IP addresses (up to 3).

I am trying to grab ONE of these 3 IPs and also NAT/Firewall it to another port.

I am not concerned with switching anything. It is as if I want 4 WAN bridged ports, and one LAN port.

Can it be done?

-=Francois=-
 
gmsmstr
Trainer
Posts: 983
Joined: Fri Jun 04, 2004 2:22 am
Location: St. Louis, MO

Re: Using a 750G as a network TAP / multiWAN interfaces

Mon Jan 18, 2010 9:03 am

I would hardware switch them with a TAP or Mirror port for your monitoring. No CPU load then since you are not wishing to do much with the RouterOS. It will just make it a managed switch then.
 
fmenard123
Member Candidate
Topic Author
Posts: 100
Joined: Sat Aug 02, 2008 6:43 am

Re: Using a 750G as a network TAP / multiWAN interfaces

Wed Jan 20, 2010 3:54 am

Do you think I could configure the RB750G in the following way:

Port 1 goes to my cable modem
Port 2 goes to my VoIP PBX
Port 3 goes to my home LAN switch
Port 1 is NATted into Port 3 for my home LAN
Port 4 is designated as Mirror for port 1 and 2
Port 5 is looped back with an Ethernet jumper to Port 4
Port 5 is sent to a Metarouter instance of Router OS inside Router OS
The metarouter would run Torch, traffic measurement, and if I want to Ethereal using an external unix box, all I do is disconnect Port 4 from port 5 and connect Port 4 to my Linux computer for monitoring what goes on on Port 1 and Port 2.
Even if Port 1 also grabs an IP and NATs it on Port 3

What is important to understand is that my cable modem will give me more than one public IP, if I do a 2nd DHCP request from a different MAC, it'll give me another public IP

This way my VoIP PBX gets a public IP, so does my RB750G for purposes of NATting all my computers on my home LAN from Port 3 onto Port 1.

And this way I can from Port 4 run a SIP protocol tracer and see what my PBX on Port 2 is sending on the Internet

and I will not bore you with the fact that my ultimate objective is to put a SIP proxy inside a Metarouter such as to Proxy-authenticate my PBX via the meta router instance running a SIP proxy... this will come later.

So do you think that I can get the above configuration working?

Do you teach this stuff in your classes... I'm just about to make up my mind about a Mikrotik class for wild gooses like me.

Cheers.

F.
 
fmenard123
Member Candidate
Topic Author
Posts: 100
Joined: Sat Aug 02, 2008 6:43 am

Re: Using a 750G as a network TAP / multiWAN interfaces

Wed Jan 20, 2010 9:55 am

Reply to me.

I have gotten the network tap thing going just fine by mirroring my wan interface onto port 5
putting port 2 and 3 as slave to port 1
putting port 4 in isolation, not as part of a switch group
by doing set ether4 master=none
putting a dhcp client on port 1
putting a dhcp server on port 4
adding my nat and port forward rules

Now I can see my IP PBX traffic on port 2 as well as my internal LAN traffic going through the wan by plugging a linux box on port 5 with wireshark

so cool
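
The setup described in the last post, written out as RouterOS commands. This is an added example, not the poster's actual configuration; it assumes a RouterOS release that still has the `master-port` switch property, a switch chip named `switch1`, and constructed LAN addressing (192.168.88.0/24). The port forward rules the post mentions are not shown because the thread gives no details for them.

```routeros
# Added example (not the poster's export). Assumes a RouterOS release with
# the master-port property and a switch chip named switch1.

# WAN-side switch group: ether2 and ether3 slaved to ether1
/interface ethernet
set ether2 master-port=ether1
set ether3 master-port=ether1
# ether4 is routed on its own (LAN side), outside any switch group
set ether4 master-port=none
# ether5's switch-group setting is not stated in the post; left unchanged here

# Copy the traffic of ether1 to ether5 for the capture host
/interface ethernet switch
set switch1 mirror-source=ether1 mirror-target=ether5

# One public address from the cable modem on the WAN port
/ip dhcp-client
add interface=ether1 disabled=no

# LAN addressing and DHCP server on ether4 (constructed values)
/ip address
add address=192.168.88.1/24 interface=ether4
/ip pool
add name=lan-pool ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add name=lan-dhcp interface=ether4 address-pool=lan-pool disabled=no
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1

# Source NAT for LAN hosts leaving through the WAN port
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
```

The mirror target receives a copy of everything crossing ether1, including the PBX's SIP traffic, so only the capture host should be attached to ether5.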
