Hi guys,
I'm having some problems configuring my new MikroTik RouterBoard RB2011UAS-2HnD-IN,
which is a great multiport router with wireless. However, it runs RouterOS, which is
fantastic, highly configurable and mostly beyond me!
I have managed to hook up a Netgear DM111PSP ADSL modem in bridge mode so that the
MikroTik box is the ADSL end point. I have configured the router to allow HTTP and SSH
traffic through the router but am struggling to get the rules right for the UDP routing
and firewall configuration. I wondered whether there were folks out there who could shed
some light. In my naive little brain I can see how configuration using IP chains is
similar to how Linux can be configured to provide the same functionality.
The router is on 192.168.1.2 and the HP microserver running Johnny's bridge is
192.168.1.126
Here are the forwarding rules I have:
# RouterOS terminal syntax; comments start with '#'. Rules are evaluated top to bottom
# within each chain and the first match wins. action defaults to accept when omitted.
/ip firewall filter
# forward chain: packets passing through the router
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add chain=forward comment="Allow UDP connection to hpm from internet" dst-address=192.168.1.126 dst-port=4711 in-interface=pppoe-wan protocol=udp
add action=log chain=forward comment="Log everything else" log-prefix="IPv4 Drop forward:"
add action=drop chain=forward comment="default configuration" connection-state=invalid
# input chain: packets addressed to the router itself
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established in-interface=pppoe-wan
add chain=input comment="default configuration" connection-state=related in-interface=pppoe-wan
# Forward UDP bridge requests to HPM running the bridge
add chain=input comment="bridge traffic on 4711" dst-address=192.168.1.126 dst-port=4711 in-interface=pppoe-wan protocol=udp
add action=log chain=input comment="Log everything else" disabled=yes log-prefix="IPv4 Drop input:"
add action=drop chain=input comment="default configuration" in-interface=pppoe-wan
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-wan
# Forward webserver requests to SLAVE
add action=dst-nat chain=dstnat comment="Forward tcp:80 to slave" dst-address=92.27.220.250 dst-port=80 protocol=tcp to-addresses=192.168.1.229 to-ports=80
# Connect SSH/SFTP requests through to SLAVE
add action=dst-nat chain=dstnat comment="Forward ssh to slave" dst-address=92.27.220.250 dst-port=22 protocol=tcp to-addresses=192.168.1.229 to-ports=22
# Connect UDP requests on port 4711 to HPM running bridge
add action=dst-nat chain=dstnat comment="Forward bridge udp to hpm" dst-address=92.27.220.250 dst-port=4711 protocol=udp to-addresses=192.168.1.126 to-ports=4711
When I turn on logging before the drop rule I get the following:
IPv4 Drop input: input: in:bridge-local out:(none), src-mac b4:99:ba:bf:46:e3, proto UDP, 192.168.1.126:41301->192.168.1.2:53, len 57
Any ideas folks?
Thanks in advance,
Mark.
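Editor's added example, not the original poster's configuration and not a reply from the thread. It shows the same port forwards rewritten the way a RouterOS firewall is normally laid out, using only what the post itself gives: the interface names pppoe-wan and bridge-local (the latter appears in the logged line), the hosts 192.168.1.2, 192.168.1.126 and 192.168.1.229, and the ports 4711/udp, 80/tcp and 22/tcp. Two things about the posted rules drive the changes. First, a dst-nat'd packet is rewritten before filtering, so it reaches the forward chain with the inside address; the "bridge traffic on 4711" rule placed in the input chain can never match, because input only sees packets whose destination is the router. Second, the logged packet (in:bridge-local, 192.168.1.126:41301 to 192.168.1.2:53, UDP) is the microserver asking the router's own DNS resolver; the posted log rule has no in-interface match, so it records LAN traffic that the following drop (scoped to pppoe-wan) never actually drops. Matching the dst-nat rules on dst-address-type=local instead of the literal public IP is an assumption on my part that the PPPoE address may change. The example is a config fragment and is not executed here.

```routeros
# Added example, not the configuration from the post above. Assumes the
# interface names seen in the post (pppoe-wan, bridge-local), the same hosts
# (router 192.168.1.2, hpm 192.168.1.126, slave 192.168.1.229) and RouterOS
# terminal syntax. Rules are evaluated top to bottom within each chain; first match wins.

/ip firewall filter
# ---- input: packets addressed to the router itself ----
add chain=input action=accept connection-state=established comment="replies to router-originated traffic"
add chain=input action=accept connection-state=related
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
# LAN hosts may talk to the router (DNS on udp/53, Winbox, SSH). Without this, a
# log rule with no in-interface match records every LAN query to the router's DNS
# resolver, which is what the logged 192.168.1.126:41301->192.168.1.2:53 line is.
add chain=input action=accept in-interface=bridge-local comment="LAN to router"
add chain=input action=log in-interface=pppoe-wan log-prefix="IPv4 Drop input:"
add chain=input action=drop in-interface=pppoe-wan comment="everything else from WAN"

# ---- forward: packets passing through the router ----
add chain=forward action=accept connection-state=established
add chain=forward action=accept connection-state=related
add chain=forward action=drop connection-state=invalid
# Port-forwarded packets reach the forward chain after dst-nat, so they are
# matched on the inside address. The same match in the input chain never fires,
# because input only sees packets whose destination is the router itself.
add chain=forward action=accept in-interface=pppoe-wan protocol=udp dst-address=192.168.1.126 dst-port=4711 comment="bridge udp to hpm"
add chain=forward action=accept in-interface=pppoe-wan protocol=tcp dst-address=192.168.1.229 dst-port=80 comment="http to slave"
add chain=forward action=accept in-interface=pppoe-wan protocol=tcp dst-address=192.168.1.229 dst-port=22 comment="ssh to slave"
# Anything else arriving from the WAN is logged and dropped; traffic that
# originates on the LAN is not matched here and falls through to the default accept.
add chain=forward action=log in-interface=pppoe-wan log-prefix="IPv4 Drop forward:"
add chain=forward action=drop in-interface=pppoe-wan comment="everything else from WAN"

/ip firewall nat
add chain=srcnat action=masquerade out-interface=pppoe-wan
# Match "any address that belongs to this router" on the WAN interface rather than
# the hard-coded public IP, so the rules keep working if the PPPoE address changes
# (assumption: the WAN address is not guaranteed static).
add chain=dstnat action=dst-nat in-interface=pppoe-wan dst-address-type=local protocol=udp dst-port=4711 to-addresses=192.168.1.126 to-ports=4711 comment="bridge udp to hpm"
add chain=dstnat action=dst-nat in-interface=pppoe-wan dst-address-type=local protocol=tcp dst-port=80 to-addresses=192.168.1.229 to-ports=80 comment="http to slave"
add chain=dstnat action=dst-nat in-interface=pppoe-wan dst-address-type=local protocol=tcp dst-port=22 to-addresses=192.168.1.229 to-ports=22 comment="ssh to slave"
```

To check it, send a UDP packet to the public address on port 4711 from outside and watch the per-rule counters with `/ip firewall filter print stats` and `/ip firewall nat print stats`; the dstnat rule and the matching forward accept should both increment, and `/ip firewall connection print` should show the tracked UDP entry with 192.168.1.126 as the reply source. UDP has no handshake, so the "established" match on the return path relies entirely on that connection-tracking entry; if the tracking table is flushed or the timeout is short, replies to a long-idle flow will be logged as drops in the forward chain.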