fbritop
just joined
Topic Author
Posts: 3
Joined: Sat Jul 08, 2017 3:34 am

WAN 2 WAN BRIDGE

Sat Jul 08, 2017 3:47 am

Hi there, I'm new to MikroTik.

I have an RB3011. We have a public IP address block (200.54.XXX.208-214).

The .210 is the first public IP, the gateway is .209. Behind .210 (ether01) is a NAT forward towards the classic 192.168.1.X. Inside the network there is a VMware host; one of the servers is a WIN2016 with two network cards, one with the IP 192.168.1.11 (ether06) and the other with 200.54.XXX.214 (ether10). ether05 also has the network address 200.54.XXX.214.

How can I make all public network traffic that arrives for .214 on ether05 go to .214 on ether10, in that way using the MT to bridge both ports and have a firewall in between? Is this possible?

Thanks
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: WAN 2 WAN BRIDGE

Mon Jul 10, 2017 6:29 am

If you want a firewall in between you can use bridge filtering. Alternatively, just use NAT to translate .214 to the 192.168.1.0/24 address of the server.

I'd strongly recommend against dual-homing a server between your Internet side and your LAN side. If that machine is compromised it will have unilateral access to the LAN. While the risks are possibly the same by using a 1:1 NAT, I think you'll find much better visibility.

If you insist on bridging the Internet connection it's fairly easy to do: remove .214 from the MikroTik and create a bridge for the Internet similar to the LAN one. Add eth5 (if that's your Internet port) and eth10 to the bridge. Configure VMware to use that Ethernet port for a vSwitch that is different from your 192.168.1.0/24 vSwitch (possibly a port group will do, my VMware is a bit rusty). You can then enable a bridge filter to watch traffic that crosses the bridged interface and set some restrictions.

TL;DR: use 1:1 NAT unless you really can't for a specific and well-understood technical reason, and then don't dual-leg the server unless you absolutely have to for similar reasons. Your request really should be the last possible solution.
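The two options described in the reply above, written out as RouterOS CLI commands. This is an added example, not configuration from the original posts or from MikroTik. It assumes the interface names and addresses given in the question (ether1 is the WAN port carrying .210, ether5 is the second cable from the ISP, ether10 goes to the VMware NIC, the server's LAN address is 192.168.1.11), that the public block is 200.54.XXX.208/29 with XXX left as the poster redacted it, and that the only service the server needs to expose is 443/tcp; change the port list to match what the server actually serves. The existing forward-chain rules accepting established/related traffic are assumed to already be in place.

```routeros
# ---- Option A: 1:1 NAT (the recommended path) ----------------------------
# .214 is owned by the MikroTik on the WAN port and translated to the
# server's LAN address, so the server keeps a single NIC on 192.168.1.0/24.
/ip address add address=200.54.XXX.214/29 interface=ether1 comment="public IP for WIN2016 server (1:1 NAT)"

# Inbound: everything that arrives for .214 is rewritten to 192.168.1.11.
/ip firewall nat add chain=dstnat dst-address=200.54.XXX.214 action=dst-nat to-addresses=192.168.1.11 comment="1:1 NAT in"
# Outbound: replies and connections from the server leave as .214, not .210.
# place-before=0 puts this ahead of the usual masquerade rule, which would
# otherwise win and source the server's traffic from .210.
/ip firewall nat add chain=srcnat src-address=192.168.1.11 out-interface=ether1 action=src-nat to-addresses=200.54.XXX.214 place-before=0 comment="1:1 NAT out"

# The firewall in between: only the exposed service is accepted from the
# Internet, every other new connection towards the server is dropped.
# (assumed: 443/tcp is the only service the server publishes)
/ip firewall filter add chain=forward in-interface=ether1 dst-address=192.168.1.11 connection-state=new protocol=tcp dst-port=443 action=accept comment="server: allow https from Internet"
/ip firewall filter add chain=forward in-interface=ether1 dst-address=192.168.1.11 connection-state=new action=drop comment="server: drop everything else from Internet"

# ---- Option B: transparent bridge ether5 <-> ether10 with bridge filter ---
# Only if 1:1 NAT really cannot be used. .214 is removed from the MikroTik
# first: on a bridge the server owns that address, the router does not.
/ip address remove [find address~"200.54.XXX.214"]
/interface bridge add name=bridge-wan2 protocol-mode=none comment="bridge ISP (ether5) to server public NIC (ether10)"
/interface bridge port add bridge=bridge-wan2 interface=ether5
/interface bridge port add bridge=bridge-wan2 interface=ether10

# Layer-2 filter on frames entering from the ISP side. The bridge filter is
# stateless, so the allow list names the exposed service; frames coming back
# from ether10 match no rule and pass by default.
/interface bridge filter add chain=forward in-interface=ether5 mac-protocol=arp action=accept comment="bridge: allow ARP from ISP side"
/interface bridge filter add chain=forward in-interface=ether5 mac-protocol=ip ip-protocol=tcp dst-port=443 action=accept comment="bridge: allow https to server (assumed service)"
/interface bridge filter add chain=forward in-interface=ether5 action=drop comment="bridge: drop everything else from ISP side"
```

If stateless bridge filtering is too coarse, RouterOS can push bridged traffic through the normal IP firewall with `/interface bridge settings set use-ip-firewall=yes`; the forward-chain rules from Option A then apply to the bridged server as well, with `connection-state` matching, at the cost of some throughput on the RB3011. In either option, verify with `/ip firewall connection print` (or `/interface bridge filter print stats`) that only the intended service shows traffic from the Internet side before trusting the setup.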