I mocked a CHR up in my lab, and configured it as you've laid out here. Be aware that there is no protection enabled on this template, and it shouldn't be used for production without locking it down. Based on your comments, I took some guesses in the example, and provided methods for TRUNK ports and ACCESS ports, covering all of the VLAN you mentioned. This should give a good basis for how to accomplish the various tasks that you are looking at.
First, the proof is in the pudding, the NAT rules, with stats from the exit traffic:
[admin@MikroTik] > /ip firewall nat print stats
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES
0 srcnat masquerade 2 068
1 srcnat masquerade 372
2 srcnat masquerade 212
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=10.169.184.0/24 out-interface=wan log=no log-prefix=""
1 chain=srcnat action=masquerade src-address=172.16.1.0/24 out-interface=wan log=no log-prefix=""
2 chain=srcnat action=masquerade src-address=192.168.40.0/23 out-interface=wan log=no log-prefix=""
Next, a series of pings to various IP addresses on the VLANS from the router.
[admin@MikroTik] > ping 172.16.1.254 count=2
SEQ HOST SIZE TTL TIME STATUS
0 172.16.1.254 56 128 0ms
1 172.16.1.254 56 128 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 192.168.41.253 count=2
SEQ HOST SIZE TTL TIME STATUS
0 192.168.41.253 56 64 0ms
1 192.168.41.253 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
[admin@MikroTik] > ping 10.169.184.2 count=2
SEQ HOST SIZE TTL TIME STATUS
0 10.169.184.2 56 64 0ms
1 10.169.184.2 56 64 0ms
sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms
A torch on a VLAN spanning a TRUNK
[admin@MikroTik] > /tool torch ether5-vlan10 duration=30 ip-protocol=any dst-address=0.0.0.0/0
MAC-PROTOCOL IP-PROTOCOL DST-ADDRESS TX RX TX-PACKETS RX-PACKETS
ip icmp 8.8.8.8 0bps 784bps 0 1
ip tcp 52.32.124.79 592bps 3.2kbps 1 3
ip tcp 52.85.89.207 43.9kbps 11.7kbps 9 7
ip tcp 172.217.5.238 945.9kbps 54.8kbps 86 71
ip udp 10.169.184.1 11.3kbps 4.1kbps 6 6
1001.8kbps 74.8kbps 102 88
Finally, the config that made this all happen:
# mar/08/2017 05:19:34 by RouterOS 6.39rc33
# software id =
#
/interface bridge
add name=10-office-vlan-bridge
add name=20-phone-vlan-bridge
add name=40-wifi-vlan-bridge
/interface ethernet
set [ find default-name=ether2 ] comment="local port, set to be on VLAN10 (ACCESS)"
set [ find default-name=ether3 ] comment="local port, set to be on VLAN20 (ACCESS)"
set [ find default-name=ether4 ] comment="local port, set to be on VLAN40 (ACCESS)"
set [ find default-name=ether5 ] comment="trunk port, carries VLAN10, VLAN20, and VLAN40 (TRUNK)"
set [ find default-name=ether6 ] comment="trunk port, carries VLAN10 and VLAN20 (TRUNK)"
set [ find default-name=ether1 ] name=wan
/interface vlan
add interface=ether5 name=ether5-vlan10 vlan-id=10
add interface=ether5 name=ether5-vlan20 vlan-id=20
add interface=ether5 name=ether5-vlan40 vlan-id=40
add interface=ether6 name=ether6-vlan10 vlan-id=10
add interface=ether6 name=ether6-vlan20 vlan-id=20
/ip pool
add name=10-office-pool ranges=10.169.184.2-10.169.184.254
add name=20-phone-pool ranges=172.16.1.2-172.16.1.254
add name=40-wifi-pool ranges=192.168.40.2-192.168.41.254
/ip dhcp-server
add add-arp=yes address-pool=20-phone-pool authoritative=yes disabled=no interface=20-phone-vlan-bridge lease-time=1h name=20-phone-dhcp
add add-arp=yes address-pool=40-wifi-pool authoritative=yes disabled=no interface=40-wifi-vlan-bridge lease-time=1h name=40-wifi-dhcp
add add-arp=yes address-pool=10-office-pool authoritative=yes disabled=no interface=10-office-vlan-bridge lease-time=1h name=10-office-dhcp
/caps-man manager interface
add disabled=no
/interface bridge port
add bridge=10-office-vlan-bridge interface=ether2
add bridge=10-office-vlan-bridge interface=ether5-vlan10
add bridge=10-office-vlan-bridge interface=ether6-vlan10
add bridge=20-phone-vlan-bridge interface=ether3
add bridge=20-phone-vlan-bridge interface=ether5-vlan20
add bridge=20-phone-vlan-bridge interface=ether6-vlan20
add bridge=40-wifi-vlan-bridge interface=ether4
add bridge=40-wifi-vlan-bridge interface=ether5-vlan40
/ip address
add address=10.169.184.1/24 interface=10-office-vlan-bridge network=10.169.184.0
add address=172.16.1.1/24 interface=20-phone-vlan-bridge network=172.16.1.0
add address=192.168.40.1/23 interface=40-wifi-vlan-bridge network=192.168.40.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=wan use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=10.169.184.0/24 dns-server=10.169.184.1 gateway=10.169.184.1 ntp-server=10.169.184.1
add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1 ntp-server=172.16.1.1
add address=192.168.40.0/23 dns-server=192.168.40.1 gateway=192.168.40.1 ntp-server=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wan src-address=10.169.184.0/24
add action=masquerade chain=srcnat out-interface=wan src-address=172.16.1.0/24
add action=masquerade chain=srcnat out-interface=wan src-address=192.168.40.0/23
/system ntp client
set enabled=yes primary-ntp=129.6.15.28 secondary-ntp=129.6.15.30
I hope this helps.