Конфиг такой:
# Create the LAN bridge; l2mtu is set explicitly to 1598.
/interface bridge
add l2mtu=1598 name=Bridge_local_100mb
# ether2-ether5 are slaved to ether1 through master-port, so ether1-ether5 act
# as one switch group. ether1, ether10 and sfp1 are selected here but no
# property is changed on them.
/interface ethernet
set [ find default-name=ether1 ]
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether10 ]
set [ find default-name=sfp1 ]
# Neighbor discovery: the only setting made here is discover=no on sfp1, the
# port the PPPoE client runs on, so the router does not take part in neighbor
# discovery toward the provider on that port. The other entries change nothing.
/ip neighbor discovery
set ether1
set ether2
set ether3
set ether4
set ether10
set sfp1 discover=\
no
# DHCP pool for LAN clients: 192.168.1.100-192.168.1.154 (55 addresses).
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.154
# The DHCP server is bound to the bridge, not to an individual port.
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Bridge_local_100mb name=dhcp1
# Name the first serial port serial0.
/port
set 0 name=serial0
# WAN uplink: PPPoE client on sfp1. It installs the default route (distance 1)
# and takes DNS servers from the peer. user= and password= are empty in this
# listing (presumably blanked before posting; keep credentials out of any
# export that is shared).
# NOTE(review): allow= includes pap, which sends the password unencrypted over
# the PPPoE link, and mschap1. Narrow the list to what the provider actually
# requires - confirm with the provider before changing.
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 \
dial-on-demand=no disabled=no interface=sfp1 keepalive-timeout=60 max-mru=\
1480 max-mtu=1480 mrru=1600 name=pppoe-100mb password= profile=\
default service-name="" use-peer-dns=yes user=
# Neighbor discovery is also switched off on the PPPoE interface itself.
/ip neighbor discovery
set pppoe-100mb discover=no
# Bridge members: ether1 (master of the ether1-ether5 switch group) and ether10.
/interface bridge port
add bridge=Bridge_local_100mb interface=ether1
add bridge=Bridge_local_100mb interface=ether10
# NOTE(review): the LAN address is bound to ether1, which is a bridge port,
# while the DHCP server is bound to the bridge. Layer-3 settings normally belong
# on the bridge interface rather than on a member port - confirm and move it.
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
# Clients receive the router first, then two public resolvers, as DNS servers.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8,8.8.4.4 gateway=\
192.168.1.1
# allow-remote-requests=yes makes the router answer DNS queries from any host
# that can reach it, on every interface. It must therefore be blocked from the
# WAN side in the firewall input chain for both UDP and TCP port 53.
/ip dns
set allow-remote-requests=yes
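# Firewall filter. The first four rules carry no action= and therefore use the
# default action (accept) for established and related connections.
# NOTE(review): neither chain ends with a drop rule, so a new connection that
# matches nothing below is accepted. That covers anything arriving on
# pppoe-100mb for the router itself (input) and everything forwarded, including
# all dst-nat targets. Consider closing both chains with explicit drop rules for
# new traffic from the WAN once the required accepts are in place.
/ip firewall filter
add chain=forward comment="Accept established connections My Network" \
connection-state=established
add chain=input comment="Accept established connections Mikrotik" \
connection-state=established
add chain=forward comment="Accept related connections My Network" \
connection-state=related
add chain=input comment="Accept related connections Mikrotik" connection-state=\
related
add action=drop chain=input comment="Drop invalid connections Mikrotik" \
connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections My Network" \
connection-state=invalid
# Keep the router's DNS resolver (allow-remote-requests=yes) unreachable from the
# Internet. Replies to the router's own queries still pass as established.
add action=drop chain=input comment="Drop flood on port 53" dst-port=53 \
in-interface=pppoe-100mb protocol=udp
# The resolver also listens on TCP 53, which a UDP-only rule leaves open.
add action=drop chain=input comment="Drop DNS over TCP from WAN" dst-port=53 \
in-interface=pppoe-100mb protocol=tcp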
# Source NAT: everything leaving through the PPPoE link is masqueraded.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-100mb
# Port forwards from the WAN. None of the dst-nat rules restricts the source
# (no src-address or src-address-list), so every forwarded port is reachable
# from any Internet host, and the forward chain has no drop rule to narrow it.
# FTP (21), SSH (22) and 4000-5000 go to 192.168.1.2; with no to-ports the
# destination port is kept unchanged.
add action=dst-nat chain=dstnat comment=FTP-server dst-port=21,22,4000-5000 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.2
# Three camera ports, all forwarded one-to-one to 192.168.1.198.
# NOTE(review): consider reaching the cameras through the VPN, or limiting
# these rules to known source addresses, instead of publishing them to everyone.
add action=dst-nat chain=dstnat comment="Camera 53" dst-port=15961 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15961
add action=dst-nat chain=dstnat comment="Camera 54" dst-port=15962 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15962
add action=dst-nat chain=dstnat comment="Camera 55" dst-port=15963 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15963
# VPN endpoints on 192.168.1.2. PPTP is a legacy protocol with weak
# authentication and encryption. For L2TP only UDP 1701 is forwarded and no
# IPsec ports (UDP 500/4500) appear here, so the tunnel is presumably not
# protected by IPsec - TODO confirm.
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
pppoe-100mb protocol=tcp to-addresses=192.168.1.2 to-ports=1723
add action=dst-nat chain=dstnat comment=L2TP dst-port=1701 in-interface=\
pppoe-100mb protocol=udp to-addresses=192.168.1.2 to-ports=1701
# Management services: telnet, ftp, api and api-ssl are switched off. www, ssh
# and winbox stay enabled but only accept clients from 192.168.1.0/24.
# NOTE(review): www is the plain-HTTP web interface, so logins cross the LAN
# unencrypted. Prefer ssh or winbox for administration.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
# UPnP clients are not allowed to disable the external interface. No enabled=
# setting appears in this export.
/ip upnp
set allow-disable-external-interface=no
# Front-panel LCD: the backlight never times out and the default screen is the
# informative slideshow.
/lcd
set backlight-timeout=never default-screen=informative-slideshow
# One LCD entry per physical port (sfp1 and ether1-ether10).
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
# Time zone and NTP client with two fixed server addresses. Correct time matters
# for log timestamps.
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=91.226.136.139 secondary-ntp=88.147.254.229
# CPU clock set explicitly to 750MHz.
/system routerboard settings
set cpu-frequency=750MHz
# Graphing: interface graphs are limited to viewers from 192.168.1.0/24.
# NOTE(review): the queue and resource graphs are added with defaults, without
# the allow-address restriction used for the interface graphs. Set it there as
# well rather than relying only on the www service address limit.
/tool graphing interface
add allow-address=192.168.1.0/24
/tool graphing queue
add
/tool graphing resource
add
# NOTE(review): from this line on the listing repeats the same export a second
# time. The repeat starts without its `/interface bridge` menu line, so if the
# listing were pasted as-is this `add` would run in the preceding menu
# (/tool graphing resource). Apply only one copy of the configuration.
add l2mtu=1598 name=Bridge_local_100mb
# ether2-ether5 are slaved to ether1 through master-port (one switch group).
/interface ethernet
set [ find default-name=ether1 ]
set [ find default-name=ether2 ] master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
set [ find default-name=ether10 ]
set [ find default-name=sfp1 ]
# Neighbor discovery is switched off only on sfp1, the PPPoE-facing port.
/ip neighbor discovery
set ether1
set ether2
set ether3
set ether4
set ether10
set sfp1 discover=\
no
# LAN DHCP pool and server (bound to the bridge).
/ip pool
add name=dhcp_pool1 ranges=192.168.1.100-192.168.1.154
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=Bridge_local_100mb name=dhcp1
/port
set 0 name=serial0
# PPPoE client on sfp1; user= and password= are empty in this listing.
# NOTE(review): allow= includes pap, which sends the password unencrypted over
# the PPPoE link - keep only the methods the provider requires (confirm first).
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 \
dial-on-demand=no disabled=no interface=sfp1 keepalive-timeout=60 max-mru=\
1480 max-mtu=1480 mrru=1600 name=pppoe-100mb password= profile=\
default service-name="" use-peer-dns=yes user=
/ip neighbor discovery
set pppoe-100mb discover=no
# Bridge members: ether1 (switch-group master) and ether10.
/interface bridge port
add bridge=Bridge_local_100mb interface=ether1
add bridge=Bridge_local_100mb interface=ether10
# NOTE(review): the LAN address sits on ether1, a bridge port, rather than on
# the bridge interface - confirm and move it.
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8,8.8.4.4 gateway=\
192.168.1.1
# allow-remote-requests=yes makes the router answer DNS queries on every
# interface, so port 53 (UDP and TCP) has to be blocked from the WAN side.
/ip dns
set allow-remote-requests=yes
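# Firewall filter (second copy of the export). Rules without action= use the
# default action, accept.
# NOTE(review): neither chain ends with a drop rule, so new connections that
# match nothing below are accepted, both to the router (input) and through it
# (forward). Consider closing both chains with explicit drop rules for new
# traffic arriving on pppoe-100mb.
/ip firewall filter
add chain=forward comment="Accept established connections My Network" \
connection-state=established
add chain=input comment="Accept established connections Mikrotik" \
connection-state=established
add chain=forward comment="Accept related connections My Network" \
connection-state=related
add chain=input comment="Accept related connections Mikrotik" connection-state=\
related
add action=drop chain=input comment="Drop invalid connections Mikrotik" \
connection-state=invalid
add action=drop chain=forward comment="Drop invalid connections My Network" \
connection-state=invalid
# Keep the router's DNS resolver (allow-remote-requests=yes) unreachable from the
# Internet. Replies to the router's own queries still pass as established.
add action=drop chain=input comment="Drop flood on port 53" dst-port=53 \
in-interface=pppoe-100mb protocol=udp
# The resolver also listens on TCP 53, which a UDP-only rule leaves open.
add action=drop chain=input comment="Drop DNS over TCP from WAN" dst-port=53 \
in-interface=pppoe-100mb protocol=tcp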
# Source NAT for everything leaving through the PPPoE link.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-100mb
# Port forwards from the WAN. No rule restricts the source address, so each
# forwarded port is reachable from any Internet host.
# FTP (21), SSH (22) and 4000-5000 go to 192.168.1.2 with the port unchanged.
add action=dst-nat chain=dstnat comment=FTP-server dst-port=21,22,4000-5000 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.2
# Three camera ports forwarded one-to-one to 192.168.1.198.
add action=dst-nat chain=dstnat comment="Camera 53" dst-port=15961 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15961
add action=dst-nat chain=dstnat comment="Camera 54" dst-port=15962 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15962
add action=dst-nat chain=dstnat comment="Camera 55" dst-port=15963 \
in-interface=pppoe-100mb protocol=tcp to-addresses=192.168.1.198 to-ports=\
15963
# VPN endpoints on 192.168.1.2: PPTP (TCP 1723) and L2TP (UDP 1701). No IPsec
# ports are forwarded, so the L2TP tunnel is presumably unencrypted - TODO
# confirm.
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
pppoe-100mb protocol=tcp to-addresses=192.168.1.2 to-ports=1723
add action=dst-nat chain=dstnat comment=L2TP dst-port=1701 in-interface=\
pppoe-100mb protocol=udp to-addresses=192.168.1.2 to-ports=1701
# Management services: telnet, ftp, api and api-ssl are off; www, ssh and winbox
# accept clients from 192.168.1.0/24 only.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
# UPnP clients are not allowed to disable the external interface.
/ip upnp
set allow-disable-external-interface=no
# Front-panel LCD settings and the per-port LCD entries.
/lcd
set backlight-timeout=never default-screen=informative-slideshow
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
# Time zone, NTP client with two fixed servers, and an explicit CPU clock.
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=91.226.136.139 secondary-ntp=88.147.254.229
/system routerboard settings
set cpu-frequency=750MHz
# Graphing: only the interface graphs carry an allow-address restriction; the
# queue and resource graphs are added with defaults.
/tool graphing interface
add allow-address=192.168.1.0/24
/tool graphing queue
add
/tool graphing resource
add
С 10-го порта нужен только интернет, общение с другими портами не нужно.
Если я удалю бридж, выдам другую подсеть для 10-го порта и просто настрою нат - нагрузка на проц станет немного меньше?