I am trying to configure a mikrotik router in order to act as a transparent bridge but in a way it can be accessed for remote monitoring. For testing purposes I am trying to pass all packets but redirect the port 80 to the router itself.

I created a bridge, added the ports 4 and 5, and assigned it an IP (192.168.89.1).

Then, at bridge NAT I added a dstnat rule to the bridge that matches protocol TCP and port 80 with the action "redirect". The counter shows it is catching the packets.

Then, at firewall I created a NAT rule. Dstnat, protocol tcp, port 80, action redirect, port 80. The counter indicates it is catching the packets but I never receive an answer.

I also tried dst-nat to (192.168.89.1:80) instead of redirect with the same results...


The idea is to transparently pass all traffic throug the bridge no mather the ip but if the traffic is destinated to a specific port, it should be natted to the router IP address and answered by it with the original IP, but the router itself does not have internet access because it has not a valid IP address. I want it only answers some packets.

I am trying to pass all packets but redirect the port 80

You don't have to route port 80, this is default in router board. Just put ip address assigned below in browser address bar.

I created a bridge, added the ports 4 and 5, and assigned it an IP

Good

the router itself does not have internet access because it has not a valid IP address

No traffic will come from the router unless it is routed through or bridged. Router board does not generate internet traffic.

In firewall nat create a rule with outgoing interface selected. Should be it.

I am trying to pass all packets but redirect the port 80

You don't have to route port 80, this is default in router board. Just put ip address assigned below in browser address bar.

What I want to do is to pass the internet ip address directly to a computer or router but keep the port 80 (or another port) of the mikrotik for itself (for administration purposes).

Something like this:

Original scenario:
cablemodem----------->router (The router has a real internet ip address)

Adding mikrotik:
cablemodem----->mikrotik------>router (this router with the REAL internet IP address provided by the cablemodem, NOT a private IP provided by mikrotik)

I can do this by bridging 2 ports, but I also want to keep the hability to configure remotely the mikrotik.

Few ways to accomplish this. What i would probably do is not bridge anything in mikrotik. Give public ip to mikrotik and internal ip to other port of mikrotik and router. Then in mikrotik first do dst-nat port 80 to mikrotik ip. Then do dest nat to route every thing to router internal ip and do masquerade with mikrotik port with public ip as outgoing interface.

Few ways to accomplish this. What i would probably do is not bridge anything in mikrotik. Give public ip to mikrotik and internal ip to other port of mikrotik and router. Then in mikrotik first do dst-nat port 80 to mikrotik ip. Then do dest nat to route every thing to router internal ip and do masquerade with mikrotik port with public ip as outgoing interface.

Yes, but the masqueraded network will not get a public ip address. I am searching for a way to make it totally transparent. But I am thinking it will not be possible.

Yes, but the masqueraded network will not get a public ip address.

True. However, with this setup, if you enter your public ip on the internet, it will be routed to your masqueraded network, totally transparent. You wont even know it is your masqueraded ip. For all intents it will appear like your public ip.