First post, but I've searched the forum without much luck. I'm somewhat technical on the software side, not a network engineer though, so the MikroTik is really at the edge of my abilities. Anyway, I have a Lockly deadbolt which comes with a small Wi-Fi interface that separately plugs into the wall nearby to bridge the lock to the internet. With my old EdgeMax router I had no issues with this little device, but with the MikroTik it just can't connect to its backend for some reason. I checked the DHCP leases and it is picking up an IP address from the MikroTik, but that's about it. I have a pretty plain vanilla setup, except I have the MikroTik set up with a primary net connection to my cable modem and a backup connection on a Netgear cellular modem. I also have the remote Winbox stuff set up so I can get to it when I'm away. *Any* pointers would be much appreciated!
Here's the config from the export with some obfuscations here and there:
[admin@MikroTik] > /export hide-sensitive
# mar/21/2021 20:04:04 by RouterOS 6.48.1
# software id = 206L-N8ZR
#
# model = RB750Gr3
# serial number = xxxxxxxxxxxxxxxx
#
# Interface definitions: one LAN bridge, two renamed uplink ports, an
# outbound SSTP tunnel used for remote management, and the WAN/LAN
# interface lists that the firewall rules further down match on.
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
# ether1 and ether2 are renamed for the two uplinks (cable and cellular).
# Any rule that refers to them must use the full quoted name.
/interface ethernet
set [ find default-name=ether1 ] mac-address=XX:XX:XX:XX:XX:XX name=\
"ether1 - Spectrum WAN"
set [ find default-name=ether2 ] mac-address=XX:XX:XX:XX:XX:XX name=\
"ether2 - ATT (cell) WAN"
set [ find default-name=ether3 ] mac-address=XX:XX:XX:XX:XX:XX
set [ find default-name=ether4 ] mac-address=XX:XX:XX:XX:XX:XX
set [ find default-name=ether5 ] mac-address=XX:XX:XX:XX:XX:XX
# SSTP client: the router dials out to vpn1.remotewinbox.com and keeps the
# tunnel enabled (disabled=no). The resulting interface, RemoteWinboxVPN1,
# is what the "Allow Remote Winbox" accept rules in /ip firewall filter
# match on, so the far end of this tunnel is a management path into the
# router.
# NOTE(review): verify-server-certificate does not appear in this export,
# which suggests it is at its default; confirm whether the server
# certificate is actually being verified.
/interface sstp-client
add comment="Remote Winbox connection for xxxxxxxxx" connect-to=\
vpn1.remotewinbox.com disabled=no name=RemoteWinboxVPN1 user=\
xxxxxxxxxxxx
# The two lists are only declared here; their members are set under
# /interface list member.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# LAN addressing: DHCP pool and server on the bridge, bridge port
# membership, interface-list membership, router address, uplink DHCP
# clients and DNS.
/ip pool
add name=dhcp ranges=192.168.254.10-192.168.254.210
# The DHCP server listens on the bridge, not on an individual port.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=10h name=defconf
# ether3, ether4 and ether5 are all ports of the bridge.
/interface bridge port
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=LAN
# NOTE(review): detect-internet is enabled for every interface. With a
# hand-built DHCP-client failover it is commonly advised to set this to
# none; confirm it is wanted here.
/interface detect-internet
set detect-interface-list=all
# Only the bridge (LAN) and "ether1 - Spectrum WAN" (WAN) are list members.
# "ether2 - ATT (cell) WAN" is in neither list, so firewall rules that
# match in-interface-list=WAN or out-interface-list=WAN do not apply to the
# cellular uplink.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface="ether1 - Spectrum WAN" list=WAN
# NOTE(review): the router's LAN address is bound to ether3, which is a
# port of the bridge, while the DHCP server runs on the bridge and hands
# out 192.168.254.250 as the gateway. An address on a bridge port rather
# than on the bridge itself is a likely reason clients get a lease but
# cannot reach anything beyond it; confirm by moving it to interface=bridge.
/ip address
add address=192.168.254.250/24 comment="DHCP bridge IP address range" \
interface=ether3 network=192.168.254.0
# Two uplink DHCP clients. The second sets default-route-distance=10 and
# the first leaves it unset, so the cellular default route is presumably
# only used when the cable route is gone.
/ip dhcp-client
add comment=defconf disabled=no interface="ether1 - Spectrum WAN"
add default-route-distance=10 disabled=no interface="ether2 - ATT (cell) WAN"
/ip dhcp-server network
add address=192.168.254.0/24 comment=defconf gateway=192.168.254.250 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries itself.
# Which sources can reach that resolver depends on the input chain in
# /ip firewall filter (the final "drop all not coming from LAN" rule plus
# the tunnel accept rules above it).
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,8.8.4.4
/ip dns static
add address=192.168.254.250 comment=defconf name=router.lan
# Firewall filter rules, evaluated top to bottom within each chain.
#
# Input chain (traffic addressed to the router itself).
# The first seven rules are the same "Allow Remote Winbox" accept repeated:
# six match RemoteWinboxVPN1 and one points at *9, an interface id that no
# longer resolves (the export marks it "# no interface"). Each accepts
# everything arriving on the tunnel, with no protocol or port match, so the
# far end of the tunnel can reach every service the router runs, not only
# Winbox.
# NOTE(review): one rule narrowed to the management port (protocol=tcp
# dst-port=8291 is the Winbox default) looks sufficient for the stated
# purpose, and the duplicates and the stale *9 rule can probably go;
# confirm against the remote-access service's setup instructions.
/ip firewall filter
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
# no interface
add action=accept chain=input comment="Allow Remote Winbox" in-interface=*9
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
add action=accept chain=input comment="Allow Remote Winbox" in-interface=\
RemoteWinboxVPN1
# Default-configuration input rules follow.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Final input rule: drops anything not arriving from the LAN list. Neither
# uplink is in LAN, so this covers both ether1 and ether2.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain (traffic routed through the router).
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
# NOTE(review): this is the only rule that drops new inbound forwarded
# connections, and it matches in-interface-list=WAN. That list contains
# only "ether1 - Spectrum WAN" (see /interface list member), so new
# connections arriving on "ether2 - ATT (cell) WAN" are not matched here
# and no later forward rule drops them. Adding ether2 to the WAN list
# would make this rule cover both uplinks.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source NAT for the two uplinks.
# The first rule matches on both out-interface and out-interface-list=WAN.
# ether1 is a member of WAN, so both conditions hold for the cable uplink.
# The second rule masquerades everything leaving the cellular uplink and,
# unlike the first, has no ipsec-policy match.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface="ether1 - Spectrum WAN" out-interface-list=WAN
add action=masquerade chain=srcnat out-interface="ether2 - ATT (cell) WAN"
# System clock and management tools.
/system clock
set time-zone-name=America/Chicago
# MAC-layer management (MAC server and MAC Winbox) is limited to
# interfaces in the LAN list, so it is not offered on either uplink.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# A packet-sniffer MAC filter is still configured (address redacted by the
# poster). NOTE(review): presumably left over from troubleshooting.
/tool sniffer
set filter-mac-address=XX:XX:XX:XX:XX:XX/FF:FF:FF:FF:FF:FF
[admin@MikroTik] >