Bridging an L2 Segment Across The Internet Using Mikrotik
So what happens when your coworker has a DVR at home that can stream video, but it can stream it only to the local subnet? Well, if like us, you need to watch the world cup, then you get creative. Mikrotik to the rescue! We are going to use Ethernet over IP tunnels to connect two Mikrotiks, then bridge our inside interfaces so that we have an extension to our L2 segment!
Here’s our current configuration:
Weeeeeeeee
To configure the “work” side, do the following:
First go to interface and hit the +. Add an EoIP tunnel. Set the “remote address” as the public IP of the home router:
Then go to bridge and hit the +. Leave bridge1 at its default and hit ok:
Now, add the EoIP tunnel interface and the Ether2 interface into bridge 1:
Repeat your actions for the home side identically save for the IP address the EoIP tunnel is pointing towards.
Here’s a rough diagram of how it looks when done:
Red is the new stuff.
Here’s a look at how it logically is configured once it is all said and done. Notice it is like we just have a switch in between the devices:
Super complicated diagram
Happy bridging…welcome to 1991 hehehehe 🙂
GO USA!!!!!!!!!!!
Couple of comments/notes:
1) As an alternate solution you should be able to a src-nat rule that caused traffic going from the router to the DVR to be masqueraded as the router (removing the need for a bridge as the device believes it’s talking to a local host)
Eg:
add action=dst-nat chain=dstnat comment=”external to DVR” disabled=no dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=192.168.10.250
add action=src-nat chain=srcnat comment=”” disabled=no dst-address=192.168.10.250 dst-port=80 protocol=tcp to-addresses=192.168.250.1
obv. change address/protocols to match what the DVR uses.
2) Naughty naughty using 1.1.1.1 for documentation(*) as it’s being allocated now, the poor people trying to use it have to cope with a huge amount of bandwidth already! Source: http://www.potaroo.net/studies/1slash8/1slash8.html
(*) I’m just informin, please don’t take this offensively ^_^
Indeed this would be an option, though the software client uses either broadcast or multicast to find the DVR, so it actually isn’t an option 😉 If it is using multicast, I could also have done an IPIP tunnel and enabled multicast routing to go along with the natting, if the unit was in-fact using multicast…oooorrrrr I could forgo all that trouble and just bridge it…hehehe 😛
Point taken 🙂
😛