hello, i got some problems with my router. i got an wan ip for my lan (surfing etc) and a subnet for my servers.
my bridge-dmz internet is working but the ports from outside are closed.
my bridge-lan internet is like slow and i cant do even a speedtest or something.
here is my config:
/interface ethernet
set [ find default-name=ether1 ] name=ether1-dmz
set [ find default-name=ether2 ] name=ether2-dmz
set [ find default-name=ether3 ] name=ether3-dmz
set [ find default-name=ether4 ] name=ether4-dmz
set [ find default-name=ether5 ] name=ether5-dmz
set [ find default-name=sfp1 ] auto-negotiation=no comment=\
"xxxxxxxxxxx" name=sfp1-wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=lan-dhcp ranges=192.168.88.10-192.168.88.250
/ip dhcp-server
add address-pool=lan-dhcp disabled=no interface=bridge-lan lease-time=1h \
name=lan-dhcp
/interface bridge port
add bridge=bridge-lan interface=ether6
add bridge=bridge-lan interface=ether7
add bridge=bridge-lan interface=ether8
add bridge=bridge-lan interface=ether9
add bridge=bridge-dmz interface=ether1-dmz
add bridge=bridge-dmz interface=ether2-dmz
add bridge=bridge-dmz interface=ether3-dmz
add bridge=bridge-dmz interface=ether4-dmz
add bridge=bridge-dmz interface=ether5-dmz
/ip neighbor discovery-settings
set discover-interface-list=none
/interface ovpn-server server
set mac-address=00:00:00:00:00:01
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether10 network=\
192.168.88.0
add address=192.168.88.1/24 interface=bridge-lan network=192.168.88.0
add address=x.x.x.9/29 interface=bridge-dmz network=x.x.x.8
/ip dhcp-client
add default-route-distance=50 dhcp-options=hostname,clientid disabled=no \
interface=sfp1-wan
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=x.x.1.1,x.x.3.3 gateway=\
192.168.88.1 netmask=24
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input in-interface=sfp1-wan
add action=drop chain=input connection-state=invalid
add action=fasttrack-connection chain=forward connection-state=\
established,related
add action=accept chain=forward connection-state=\
established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat connection-state=\
new in-interface=sfp1-wan
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=bridge-lan \
new-connection-mark=src-nat-mark passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat connection-mark=src-nat-mark \
out-interface=sfp1-wan
/ip service
set telnet disabled=yes
set www-ssl certificate="Router Cert" disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set always-allow-password-login=yes
thx very much