Post your config and draw a network diagram
/export hide-sensitive file=anynameyouwish
# mar/01/2021 22:52:00 by RouterOS 6.47.9
# software id = V50M-CHT9
#
# model = RB4011iGS+
# serial number = D4480DA9DB22
/interface bridge
add admin-mac=08:55:31:6D:1B:27 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
set [ find default-name=sfp-sfpplus1 ] advertise=10000M-full
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=43 name=unifi value=0x0104iphex
/ip pool
add name=dhcp ranges=192.168.0.1-192.168.1.239
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=sfp-sfpplus1 list=WAN
/ip address
add address=192.168.1.254/23 comment=defconf interface=ether1 network=\
192.168.0.0
add address=wanip interface=sfp-sfpplus1 network=wanip
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf interface=sfp-sfpplus1
/ip dhcp-server network
add address=192.168.0.0/23 comment=defconf dhcp-option=unifi dns-server=\
192.168.1.254,8.8.8.8 gateway=192.168.1.254 netmask=23
/ip dns
set allow-remote-requests=yes servers=wandns,wandns
/ip dns static
add address=192.168.1.254 comment=defconf name=router.lan
/ip firewall address-list
add address=wan list=admin
add address=192.168.1.239 list=internet
/ip firewall filter
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-address=wanip dst-port=3478 \
protocol=udp to-addresses=192.168.1.254 to-ports=3478
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5514 \
protocol=udp to-addresses=192.168.1.254 to-ports=5514
add action=dst-nat chain=dstnat connection-type="" dst-address=wanip \
dst-port=8080 protocol=tcp to-addresses=192.168.1.254 to-ports=8080
add action=dst-nat chain=dstnat dst-address=wanip dst-port=8443 \
protocol=tcp to-addresses=192.168.1.254 to-ports=8443
add action=dst-nat chain=dstnat dst-address=wanip dst-port=8880 \
protocol=tcp to-addresses=192.168.1.254 to-ports=8880
add action=dst-nat chain=dstnat dst-address=wanip dst-port=8843 \
protocol=tcp to-addresses=192.168.1.254 to-ports=8843
add action=dst-nat chain=dstnat dst-address=wanip dst-port=6789 \
protocol=tcp to-addresses=192.168.1.254 to-ports=6789
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5656-5699 \
protocol=udp to-addresses=192.168.1.254 to-ports=5656-5699
add action=dst-nat chain=dstnat dst-address=wanip dst-port=27117 \
protocol=tcp to-addresses=192.168.1.254 to-ports=27117
add action=dst-nat chain=dstnat dst-address=wanip dst-port=1001 \
protocol=udp to-addresses=192.168.1.254 to-ports=1001
add action=dst-nat chain=dstnat dst-address=wanip dst-port=1900 \
protocol=udp to-addresses=192.168.1.254 to-ports=1900
add action=dst-nat chain=dstnat dst-address=wanip dst-port=443 \
protocol=tcp to-addresses=192.168.1.254 to-ports=443
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5222 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5222
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5223 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5223
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5269 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5269
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5280 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5280
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5281 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5281
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5298 \
protocol=tcp to-addresses=192.168.1.254 to-ports=5298
add action=dst-nat chain=dstnat dst-address=wanip dst-port=5298 \
protocol=udp to-addresses=192.168.1.254 to-ports=5298
add action=dst-nat chain=dstnat dst-address=wanip dst-port=3478 \
protocol=tcp to-addresses=192.168.1.254 to-ports=3478
add action=dst-nat chain=dstnat dst-address=wanip dst-port=19302 \
protocol=udp to-addresses=192.168.1.254 to-ports=19302
add action=dst-nat chain=dstnat dst-address=wanip dst-port=19305 \
protocol=udp to-addresses=192.168.1.254 to-ports=19305
add action=dst-nat chain=dstnat dst-address=wanip dst-port=10001 \
protocol=udp to-addresses=192.168.1.254 to-ports=10001
add action=dst-nat chain=dstnat dst-address=wanip dst-port=80 \
protocol=tcp to-addresses=192.168.1.254 to-ports=80
add action=dst-nat chain=dstnat dst-address=wanip dst-port=80 \
protocol=udp to-addresses=192.168.1.254 to-ports=80
add action=dst-nat chain=dstnat dst-address=wanip dst-port=22 \
protocol=tcp to-addresses=192.168.1.254 to-ports=22
add action=dst-nat chain=dstnat dst-address=wanip dst-port=22 \
protocol=udp to-addresses=192.168.1.254 to-ports=22
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=3478 \
protocol=udp to-addresses=wanip to-ports=3478
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=5514 \
protocol=udp to-addresses=wanip to-ports=5514
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=8080 \
protocol=tcp to-addresses=wanip to-ports=8080
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=8443 \
protocol=tcp to-addresses=wanip to-ports=8443
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=8880 \
protocol=tcp to-addresses=wanip to-ports=8880
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=8843 \
protocol=tcp to-addresses=wanip to-ports=8843
add action=dst-nat chain=dstnat dst-address=192.168.1.254 dst-port=6789 \
protocol=tcp to-addresses=wanip to-ports=6789
add action=dst-nat chain=dstnat dst-port=8291 protocol=tcp to-addresses=\
192.168.1.254 to-ports=8291
add action=dst-nat chain=dstnat dst-port=10001 protocol=udp to-addresses=\
wanip to-ports=10001
/ip route
add distance=1 gateway=wanip
/ip service
set www-ssl certificate=root-cert disabled=no
/system clock
set time-zone-name=Europe/Stockholm
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN