Bridge ip firewall

Xand · Sat Feb 01, 2014 11:13 pm

I have a setup with guest wlan2 bridged with vlan on top of another bridge. Ether1 is connected to a router (gw), where same vlan is created on top of the bridge. I don't have any firewall rules configured on RB951G-2HnD.
The moment I turn on:
use-ip-firewall: yes
use-ip-firewall-for-vlan: yes
wireless guest won't be able to connect to the internet, even if I will create 3 firewall rules under bridge to accept all forward/in/out.

How to get bridge to pass traffic with fw on?

Thank you.

[admin@MikroTik] > export compact
# feb/02/2014 00:24:09 by RouterOS 6.9

/interface bridge
add admin-mac=00:0C:42:E8:FC:32 auto-mac=no l2mtu=4074 name=bridge0 protocol-mode=none
add admin-mac=00:0C:42:E8:FC:99 auto-mac=no l2mtu=4070 name=bridge1 protocol-mode=none

/interface ethernet
set [ find default-name=ether1 ] l2mtu=4074 speed=1Gbps
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2

/interface vlan
add interface=bridge0 l2mtu=4070 name=vlan99 vlan-id=99

/interface ethernet switch port
set 0 vlan-mode=fallback

set [ find default-name=wlan1 ] ... mode=ap-bridge .. wireless-protocol=802.11 wmm-support=enabled
add ... master-interface=wlan1 name=wlan2...

/interface bridge port
add bridge=bridge0 interface=wlan1
add bridge=bridge1 interface=vlan99
add bridge=bridge1 interface=wlan2
add bridge=bridge0 interface=ether2
add bridge=bridge0 interface=ether1

/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=bridge0
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=bridge1

/ip firewall connection tracking
set enabled=auto

Xand · Sun Feb 09, 2014 4:19 am

I want to clarify the problem - traffic is blocked over second (top) bridge - bridge1.
Bridge0 is not blocked. Is it a normal behavior

Thank you.

Bridge ip firewall

Bridge ip firewall

Re: Bridge ip firewall