I bought MikroTik RB751U-2HnD because I wanted more serious router. But now I have problems setting it up. I successfully connected my router to internet (PPPoE client) and I can ping sites from it, but I have no idea how to set up NAT correctly so my local devices would have access to internet. It just seems that everything I do is wrong.
Please help me, here is some info that you probably need:
Thank you so much![admin@MikroTik] /ip hotspot service-port>> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=192.168.88.1/24 network=192.168.88.0 interface=bridge-local
actual-interface=bridge-local
1 D address=90.157.193.99/32 network=212.18.32.174 interface=pppoe-out1
actual-interface=pppoe-out1
2 address=212.18.32.174/32 network=212.18.32.174 interface=pppoe-out1
actual-interface=pppoe-out1
[admin@MikroTik] /ip hotspot service-port>> /ip route print detail
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=212.18.32.174
gateway-status=212.18.32.174 reachable via pppoe-out1 distance=1
scope=30 target-scope=10
1 ADC dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge-local
gateway-status=bridge-local reachable distance=0 scope=10
2 ADC dst-address=212.18.32.174/32 pref-src=90.157.193.99 gateway=pppoe-out1
gateway-status=pppoe-out1 reachable distance=0 scope=10
[admin@MikroTik] /ip hotspot service-port>> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ether1 ether 1500 1600 4076
1 R ether2 ether 1500 1598 2028
2 ether3-slave-local ether 1500 1598 2028
3 ether4-slave-local ether 1500 1598 2028
4 ether5-slave-local ether 1500 1598 2028
5 wlan1 wlan 1500 2290
6 R bridge-local bridge 1500 1598
7 R pppoe-out1 pppoe-out 1480
[admin@MikroTik] /ip hotspot service-port>> /ip firewall export
# jan/02/1970 00:14:59 by RouterOS 5.12
# software id = XD8N-S2L6
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1
add action=accept chain=input comment="default configuration" disabled=no \
protocol=icmp
add action=accept chain=input comment="default configuration" \
connection-state=established disabled=no
add action=accept chain=input comment="default configuration" \
connection-state=related disabled=no
add action=drop chain=input comment="default configuration" disabled=no \
in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/24 \
to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.0.2-192.168.0.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.0.2-192.168.0.254 to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.88.2-192.168.88.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.88.2-192.168.88.254 to-addresses=212.18.32.174
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ether1
add action=src-nat chain=srcnat disabled=no src-address=192.168.0.0/24 \
to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.0.2-192.168.0.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.0.2-192.168.0.254 to-addresses=212.18.32.174
add action=dst-nat chain=dstnat disabled=no dst-address=212.18.32.174 \
to-addresses=192.168.88.2-192.168.88.254
add action=src-nat chain=srcnat disabled=no src-address=\
192.168.88.2-192.168.88.254 to-addresses=212.18.32.174
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
[admin@MikroTik] /ip hotspot service-port>> /ip hotspot export
# jan/02/1970 00:15:08 by RouterOS 5.12
# software id = XD8N-S2L6
#
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip hotspot service-port
set ftp disabled=no ports=21