MikroTik

Hi, I've bought an RB2011UiAS-RM for my home, I have a DSL connection. I've already bought an adsl ethernet modem, and I was thinking about a double NAT setup.

Regarding ports, I'd like to use a fast ethernet port as a wan port, since adsl will be 7M, I don't want to use a gigabit port.

I've read http://wiki.mikrotik.com/wiki/How_to_Co ... _xDSL_Line , but I need to
- use all ports as a switch
- just have a wan port, not needing pppoe since I'll have double nat

From http://forum.mikrotik.com/viewtopic.php?f=3&t=63372

And if 100M is enough for your WAN port you can consider the following scenario as an alternative:
1. Set master port for ports 1, 6 and 10 to none.
2. Set master port for ports 2-5 to ether1.
3. Set master port for ports 7-9 to ether6.
4. Make ether1 and ether6 a part of the bridge (bridge-local).

This way you will have ether10 as your WAN port and bridge-local as your LAN port. 1G ports 1-5 are hardware-switched together, 100M ports 6-9 are hardware switched together as well, and these to groups of hardware switched ports are software bridged.

At this moment, for example, if adsl modem is 10.0.0.1 , do I need to set ether10 to something like 10.0.0.2 and bridge-local to something like 192.168.1.1 if my lan will be 192.168.1.0/24 ?

Then I need to setup NAT, dhcp, masquerading, routes, and a firewall, I've read there are some articles in the wiki, at the moment I'm a bit confused regarding them
I'll have a surveillance camera too, should I create a DMZ ?

Am I wrong about something?

Thank you all !

You are right about the part of the network between the modem and the Routerboard.
You only do need 1 different IP range on the local-bridge. This will be your local LAN.
So if you want 192.168.0.0/24 for LAN, put 192.168.0.1 on the bridge.
Let DHCP give this as DNS/Gateway address.

Sorry, that was a typo, I corrected my post to 192.168.1.0 instead of .0.0
Anyway, assuming the part regarding usage of ports is fine, other suggestions regarding the rest (nat,firewall, routing...) ?

offtopic:
why would you double NAT?
why not activate bridge mode in adsl router and leave the NAT to the RB?

Why double NAT?

1) I'd like to access the modem web interface, and doing that with bridged modem seems complex and sometimes unreliable (or, at least, I've not googled well, things like http://www.dd-wrt.com/wiki/index.php/Ac ... figuration)

2) Better security in case I'll do something wrong configuring the RB ...

If I am wrong about something, please correct me since I'm a newbie