I dont really get why use VLANs for a simple passthrough...
When SXTLTE3-7/LHGR with only one interface do a passthrough then we loose a connectivity via WinBox.
I use a vlans as simple way to separate passthrough interface from management who can grab internet and provide internet for himself.
Of course we have RoMON but you must have additional device to use it and you not connect directly PC and RoMON device (Maybe in future of WinBox).
The reason his setup is not working is most likely to a missconfiguration...
I'm also stuck a bit with the doubel NAT issue.
Provide us a /export from HEX, the client of internet provided from LHGR.
Passthrough is simplify the DHCP-Server who provide IP Address on particular interface. This mean the HEX must have got a DHCP-Client on interface with LHGR.
You should read more documentation at MikroTIk wiki but.. I write answers.
I'm working my way trough the setup with a few questions remaining:
1/ on the LTE assume NAT: off,
With Passthrough NAT at LHGR is not used.
In normal config the NAT is used.
2/ in the LTE APN setup: do NOT add default route.
WHY? In any setup you must add default route. The way can be automatical or by hand when you must use a gateway=lte1 (It's not possible to give here IP)
3/ Route list now shows ether 1 reachable on both the the WAN (4g) dynamic address and the local ether1 address.
When? With what config? On what device. Re-Write the Question.
Normal setup give you two routes in LHGR. Passthrough mode now show you any of route's base at lte1.
4/ must the ether 1 address on the LTE be in a different range as the Host hex ? (Host hex has 192.168.88.0 and LTE now has 192.168.77.0)
What? LTE interface means lte1 reach IP from your ISP. Please not write about LHGR as LTE or use "LTE device".
This is so basic... answer is YES and NO, it depends what you plan to do.
In Normal mode at LHGR he can give you adressing, or reach ONLY IP address form your dhcp-server.
Magic is with route-ing, where is access to 0.0.0.0/0, via lte1 interface or maybe by IP "shared" with hex.
This is MikroTik ROS, you can do many stuff.
5 Assume on the host hex the DHCP client needs to have default route added ?
Means a client of hex, yes if wish share IP address, DNS, Dhcp options, Gatewat and maybe internet too. They must be connected too and his device must have got a working dhcp-client.
6/ in my mangle rules on hex I'm now not able to add a addressed route by IP number for the LTE wan (as dynamic). I need to input an interface name. This is not advised. Is this an issue.
I Pass to check those, other time.
But please read, analyze, learn from this:
7/ Are the filter rules on the LTE still of any use ? Imagine the filtering is now all done in the hex.
In normal setup the Firewall should protect you when you have got a Public IP at lte1 interface.
In Passthrough mode the firewall is not that important.