drpaulmartin: I will work out how to open up specific ports later and forward them where they need to go.
/ip firewall nat
add action=dst-nat chain=dstnat comment="Expose web interface of thing" disabled=yes dst-address=17.168.81.142 dst-port=446 protocol=tcp to-addresses=192.168.1.33 to-ports=443
Ok so what's this doing?!
This means that when you go https://17.168.81.142:446 you'll actually get the https web interface on 192.168.1.33:443
add action=dst-nat chain=dstnat comment="Expose web interface of thing" disabled=yes dst-address=17.168.81.142 dst-port=443 protocol=tcp to-addresses=192.168.1.33 to-ports=443
This version means you can just go https://17.168.81.142 and you'll land on the same device but then you can only do this once.
add action=dst-nat chain=dstnat comment="Expose web interface of thing" disabled=yes dst-address=17.168.81.142 dst-port=446 protocol=tcp to-addresses=192.168.1.33 to-ports=443
add action=dst-nat chain=dstnat comment="Expose web interface of thing" disabled=yes dst-address=17.168.81.142 dst-port=447 protocol=tcp to-addresses=192.168.1.34 to-ports=443
add action=dst-nat chain=dstnat comment="Expose web interface of thing" disabled=yes dst-address=17.168.81.142 dst-port=448 protocol=tcp to-addresses=192.168.1.35 to-ports=443
You might use this to expose the web interface on a number of things.
get the idea?
Open a terminal window and just run the command I've given you above, then go back into winbox and see what it did in IP firewall NAT. You'll get the idea of what it's set up and then be able to reverse it out.
Obviously you'll then need to delete my command because it won't do anything at all because your internal network is 192.168.88.0/24 and your public IP is not the one I used in my exmaple.
Oh ya... 17.168.81.142 is 'my' public fixed IP.
As for that bridge, no you don't need that. The default config acheives the same result by just setting ether2 as the master port for ether3 to 5.
I didn't actually follow what the bridge port was about in Steves example. I think he was just making the 1's drop out on to ether2 so that you can pick them up and throw them somewhere else.
Oh, and did you figure out that I gave you the back up command so you can just make a back up of your configuration before you start so you can roll back if you manage to stuff it up. That's one of the best features of this product over a consumer router. You can just backup your set up, have a play, break everything, then roll back to known good.
