No luck adding those. I already tried those. I also know that the DMZ does work properly for VPN traffic. I had this box working a week or two ago and then reset to defaults and now I can't get it back working again... very frustrating. If I forward the ports on another router, it works fine, so it's definitely the router.
INTERNET---> 2WireGateway ---- DMZ----->RB750G-----> Server & other clients.
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=ether2-local
actual-interface=bridge
1 D address=172.16.1.64/24 network=172.16.1.0 broadcast=172.16.1.255 interface=ether1-gateway
actual-interface=ether1-gateway
/ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=172.16.1.254 gateway-status=172.16.1.254 reachable ether1-gateway distance=1
scope=30 target-scope=10
1 ADC dst-address=172.16.1.0/24 pref-src=172.16.1.64 gateway=ether1-gateway gateway-status=ether1-gateway reachable
distance=0 scope=10
2 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge gateway-status=bridge reachable distance=0
scope=10
/ip firewall export
# jan/02/1970 01:44:39 by RouterOS 4.11
# software id = AC6L-1CI9
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat comment="Added by webbox" disabled=no out-interface=ether1-gateway
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=3389 protocol=tcp to-addresses=192.168.88.254 to-ports=\
3389
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=1723 protocol=tcp to-addresses=192.168.88.1 to-ports=\
1723
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
The thing is it was working just a week ago, but I couldn't get port forwarding to work (VPN worked awesome.) so I switched to another router in the meantime while I got this one figured out.