Greetings -
My customer has an AT&T DSL router doing phone, TV, and internet (Model 5268AC). I put the MikroTik in yesterday, by following instructions I found online to put the Tik in the DMZ+ so the WAN IP would pass to the Tik, etc. This all seemed to work fine. However, I have to open some ports on the Tik for cameras and security, and I’m not having any success with that. I know how to do port forwarding on a MikroTik, yet those ports still show blocked (by canyouseeme.org). Thoughts?
I dont know where to begin, (the fact that you are using some hacks from the internet for MT setup is alarming)
First of all, the primary router should be placed in a passthrough mode, such that a public IP is passed to the MT router. (Change the Modem/Router from the ISP into acting solely as a modem). If that is not possible then some ‘stupid’ routers and dumber ISPs state you have to use the DMZ type function in the ISP device that basically provides a NAT IP address to the MT with all ports forwarded???
In other words, I have no clue what you mean by put TK in DMZ+. You might as well be speaking Latvian 
The ISP modem routers I have come across that handle multiple ITEMS, typically have coax out for cableTV or ethernet out for TV, telephone out for telephone and four ethernet ports or so out for Internet. Typically they are on VLANs as well.
Please post your config so that we can see what has been setup so far…
/export hide-sensitive file=yourconfigjun5
EDIT: After some reading your ATT&T Pace 5268AC is a hunk of junk and it has a DMZ+ mode. The best advice I found was the following…
Call in a repair ticket ( might have to unplug RG when you call in). when the tech comes out tell the tech you would like a 599 or older 589. Most tech will not have problem as they carrier over 4 different RG on there truck at all times. In other words get rid of the 5268AC
For the lazy among us, what is this DMZ+ mode? If it forwards ports to selected device, I don’t see any reason why they couldn’t be forwarded further.
Convince us. 
Hi anav -
I apologize for my very inartfully described problem. The fact is I am NOT using internet hacks for setting up the MT. My experience with MikroTik is in the residential space only, as home routers for my clients (I own a custom AV business). I’m comfortable deploying them and creating a decent firewall, then opening ports as needed for cameras or security. Obviously there is much I do not know; this section of the forum already telegraphs that.
The primary router is one of the ‘stupid’ routers you describe, as your edit reflects. And it also has an ethernet out for the U-verse cable boxes. I have that cable feeding a separate dumb switch that has only U-verse boxes on it. My short term plan is to return to the jobsite to see about porting in the AT&T router to the MT, then again in the MT to the hosts I’m trying to reach. Failing that I will call AT&T for a different model router as you suggest.
Jim
No worries, that dumb router would be a real pain for multiple IP blocks as well.
As Sob indicated if the DMZ+ simply forwards all ports, then the MT should work for you just fine.