It sounds like something is misconfigured in your rules. Please post the output of `/export compact`, with passwords, pre-shared keys and public addresses redacted.
# aug/05/2013 20:49:18 by RouterOS 6.1
# software id = LQCC-ADHK
#
# Radio settings for wireless interface 0: 2.4 GHz b/g/n on 2437 MHz, SSID "MGMT".
/interface wireless
set 0 band=2ghz-b/g/n country="united states" frequency=2437 l2mtu=2290 mode=\
bridge ssid=MGMT
# Rename the five ethernet ports after the segment each one serves; the names
# suggest two office LANs, a VoIP LAN, and the DSL and T1 uplinks.
/interface ethernet
set 0 name=ether1-shclan
set 1 name=ether2-smglan
set 2 name=ether3-voiplan
set 3 name=ether4-dsl
set 4 name=ether5-t1
# Default wireless security profile: WPA2-PSK with dynamic keys, group key
# rotated every hour.
# NOTE(review): wpa2-pre-shared-key is exported in clear text. A key that has
# been pasted into a public post should be treated as disclosed and rotated;
# redact it in any export that is shared.
# NOTE(review): tkip is offered next to aes-ccm for both unicast and group
# ciphers. With authentication-types=wpa2-psk only, aes-ccm alone is the
# stronger choice unless a client is known to need TKIP.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=\
passthrough group-ciphers=tkip,aes-ccm group-key-update=1h mode=\
dynamic-keys unicast-ciphers=tkip,aes-ccm wpa2-pre-shared-key=5T7tznvpaJ
# Timeouts on the default hotspot user profile.
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
# Address pools handed out by the DHCP servers below: one for the wireless
# management network and one for each office LAN.
/ip pool
add name=mgmtpool ranges=192.168.99.2-192.168.99.254
add name=shclan ranges=192.168.1.100-192.168.1.199
add name=smglan ranges=192.168.100.100-192.168.100.199
# One DHCP server per served interface (wlan1, ether1-shclan, ether2-smglan).
# No DHCP server is defined for ether3-voiplan in this export.
/ip dhcp-server
add address-pool=mgmtpool authoritative=yes disabled=no interface=wlan1 \
lease-time=12h name=wlan-dhcp
add address-pool=shclan authoritative=yes disabled=no interface=ether1-shclan \
lease-time=1d name=shclan
add address-pool=smglan authoritative=yes disabled=no interface=ether2-smglan \
lease-time=1d name=smglan
# Remote log target: logging action 3 sends to 192.168.1.147 (a host on the
# ether1-shclan subnet). Presumably item 3 is the built-in "remote" action that
# the /system logging rules refer to; confirm on the router.
/system logging action
set 3 remote=192.168.1.147
# Router addresses. "ip.add.re.ss" is the poster's redaction of the public
# addresses (a /29 on the T1 port and a /25 on the DSL port), so which public
# address each later rule refers to cannot be told from this export.
/ip address
add address=192.168.1.1/24 interface=ether1-shclan network=192.168.1.0
add address=ip.add.re.ss/29 interface=ether5-t1 network=ip.add.re.ss
add address=192.168.100.1/24 interface=ether2-smglan network=192.168.100.0
add address=192.168.200.1/24 interface=ether3-voiplan network=192.168.200.0
add address=192.168.99.1/24 interface=wlan1 network=192.168.99.0
add address=ip.add.re.ss/25 comment="xxx DSL" interface=ether4-dsl \
network=ip.add.re.ss
# DHCP options per subnet. The two office LANs receive an internal host (.10)
# as DNS and WINS server with domain intergy.local; the wireless management
# subnet receives public resolvers and an external NTP server instead.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.10 domain=intergy.local \
gateway=192.168.1.1 wins-server=192.168.1.10
add address=192.168.99.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.99.1 \
netmask=24 ntp-server=129.6.15.28
add address=192.168.100.0/24 dns-server=192.168.100.10 domain=intergy.local \
gateway=192.168.100.1 wins-server=192.168.100.10
# Router DNS cache with two upstream resolvers.
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries
# it receives. The input chain in /ip firewall filter has no rule that limits
# port 53 by interface or source, and only traffic to one redacted address is
# sent through a drop-by-default chain. Confirm the resolver is not reachable
# on ether4-dsl / ether5-t1, where it would act as an open resolver.
/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=512 \
servers=221.132.112.8,8.8.8.8
# Static record so that "router" resolves to the ether1-shclan address.
/ip dns static
add address=192.168.1.1 name=router
# Filter rules. Only the input and output chains and the custom chain
# filter_226 are used; rules are evaluated top to bottom and a rule without
# action= accepts.
# NOTE(review): there is no chain=forward rule in this export, so traffic routed
# through the router, including the RDP port-forwards in /ip firewall nat, is
# not filtered here.
# NOTE(review): the input chain has no final drop rule. Apart from the
# filter_226 jump for one redacted address, input traffic that matches none of
# the rules below is accepted by default.
/ip firewall filter
# Winbox (tcp/8291) is accepted before every other rule and carries no
# src-address or in-interface matcher, so it is accepted from any source,
# including sources the later blacklist and "ddos" rules would drop.
# NOTE(review): restrict this rule to management sources or interfaces.
add chain=input comment="accept winbox always" dst-port=8291 protocol=tcp
# Connection-state handling: drop invalid, accept established and related.
add action=drop chain=input connection-state=invalid
add chain=input connection-state=established
add chain=input connection-state=related
# SSH brute-force ladder. Sources already in ssh_blacklist are dropped. The
# add-to-list rules are ordered highest stage first, so each new tcp/22
# connection moves a source up one stage (stage1 -> stage2 -> stage3 ->
# blacklist). Stage entries expire after 1 minute, blacklist entries after
# 1w3d. None of these rules accepts tcp/22; that is left to later rules or the
# default.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
# FTP brute-force ladder. It is driven from the output chain: each outgoing TCP
# packet from the router that contains "530 Login incorrect" moves the
# destination address up one stage, and tcp/21 input from ftp_blacklist is
# dropped.
# NOTE(review): the ftp_blacklist rule sets no address-list-timeout, unlike the
# 1w3d used for ssh_blacklist; confirm the intended expiry.
# NOTE(review): the content rules match on protocol=tcp only, with no port
# matcher, so any router-originated TCP packet carrying that string counts.
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
protocol=tcp src-address-list=ftp_blacklist
add action=add-dst-to-address-list address-list=ftp_blacklist chain=output \
content="530 Login incorrect" dst-address-list=ftp_stage3 protocol=tcp
add action=add-dst-to-address-list address-list=ftp_stage3 \
address-list-timeout=1m chain=output content="530 Login incorrect" \
dst-address-list=ftp_stage2 protocol=tcp
add action=add-dst-to-address-list address-list=ftp_stage2 \
address-list-timeout=1m chain=output content="530 Login incorrect" \
dst-address-list=ftp_stage1 protocol=tcp
add action=add-dst-to-address-list address-list=ftp_stage1 \
address-list-timeout=1m chain=output content="530 Login incorrect" \
protocol=tcp
# Static drops for two individual source addresses. They sit below the Winbox
# accept and the established/related accepts, so they do not cover tcp/8291 or
# connections that are already tracked.
add action=drop chain=input comment=ddos src-address=86.122.170.64
add action=drop chain=input comment=ddos src-address=220.178.18.67
# Traffic addressed to one (redacted) router address is handed to filter_226,
# which accepts tcp 22, 8291, 3389, 3390 and 3391 and drops everything else.
# NOTE(review): the comment says "winbox and ssh" but the port list also holds
# 3389-3391, the ports used by the RDP dst-nat rules. dst-nat is applied before
# the input/forward decision, so forwarded RDP is presumably never seen by this
# chain; confirm whether these ports are needed here.
add action=jump chain=input comment="jump to filter_226" dst-address=\
ip.add.re.ss jump-target=filter_226
add chain=filter_226 comment="winbox and ssh" dst-port=22,8291,3389,3390,3391 \
protocol=tcp
add action=drop chain=filter_226
# Mangle rules for the two uplinks (ether5-t1 and ether4-dsl): keep router
# replies on the uplink the request arrived on, and spread outbound connections
# from ether1-shclan across both uplinks with a per-connection classifier.
/ip firewall mangle
# Connections arriving at the router itself are marked by ingress uplink, and
# the router's replies get the matching routing mark in the output chain.
add action=mark-connection chain=input in-interface=ether5-t1 \
new-connection-mark=ether5-t1_conn
add action=mark-connection chain=input in-interface=ether4-dsl \
new-connection-mark=ether4-dsl_conn
add action=mark-routing chain=output connection-mark=ether5-t1_conn \
new-routing-mark=to_ether5-t1
add action=mark-routing chain=output connection-mark=ether4-dsl_conn \
new-routing-mark=to_ether4-dsl
# No action= means accept: LAN traffic to the two directly connected public
# subnets leaves prerouting here and is not classified by the rules below.
add chain=prerouting dst-address=ip.add.re.ss/29 in-interface=ether1-shclan
add chain=prerouting dst-address=ip.add.re.ss/25 in-interface=ether1-shclan
# Per-connection classifier over source/destination addresses and ports with
# denominator 4: remainder 0 is marked for the T1, remainders 1-3 for the DSL.
# Only traffic entering on ether1-shclan is classified; ether2-smglan,
# ether3-voiplan and wlan1 traffic receives no mark here.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether1-shclan new-connection-mark=ether5-t1_conn \
per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether1-shclan new-connection-mark=ether4-dsl_conn \
per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether1-shclan new-connection-mark=ether4-dsl_conn \
per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether1-shclan new-connection-mark=ether4-dsl_conn \
per-connection-classifier=both-addresses-and-ports:4/3
# NOTE(review): with denominator 4 the remainder can only be 0-3, so the 4/4
# rule below should never match; it looks like a leftover.
add action=mark-connection chain=prerouting dst-address-type=!local \
in-interface=ether1-shclan new-connection-mark=ether4-dsl_conn \
per-connection-classifier=both-addresses-and-ports:4/4
# Translate the connection mark into the routing mark that selects the
# per-uplink default route in /ip route.
add action=mark-routing chain=prerouting connection-mark=ether5-t1_conn \
in-interface=ether1-shclan new-routing-mark=to_ether5-t1
add action=mark-routing chain=prerouting connection-mark=ether4-dsl_conn \
in-interface=ether1-shclan new-routing-mark=to_ether4-dsl
# NAT rules. Within a chain the first matching rule wins, so rule order decides
# which of the overlapping srcnat rules below takes effect.
/ip firewall nat
# Masquerade everything leaving either uplink.
add action=masquerade chain=srcnat out-interface=ether5-t1
add action=masquerade chain=srcnat out-interface=ether4-dsl
# NOTE(review): this src-nat for 192.168.1.101 matches out-interface=ether4-dsl,
# which the masquerade rule directly above already matches for every source.
# As ordered, the masquerade rule is hit first and this rule never applies; it
# would have to sit above the masquerade rule to take effect.
add action=src-nat chain=srcnat comment=DSL out-interface=\
ether4-dsl src-address=192.168.1.101 to-addresses=ip.add.re.ss
# NOTE(review): same matchers as the first rule of this section, so this rule
# is never reached.
add action=masquerade chain=srcnat comment="out T1" disabled=no \
out-interface=ether5-t1
# RDP / Terminal Services port-forwards. Each dst-nat rule is paired with a
# masquerade rule for LAN clients that reach the server through the public
# address (hairpin).
# NOTE(review): none of the dst-nat rules has a src-address or
# src-address-list matcher, and the export holds no forward-chain filter, so
# these three internal hosts accept RDP from any source that can reach the
# public address. Limiting the allowed sources, or placing RDP behind a VPN,
# removes that exposure.
add action=dst-nat chain=dstnat comment="SHC Terminal Services" dst-address=\
ip.add.re.ss dst-port=3390 protocol=tcp to-addresses=192.168.1.12 \
to-ports=3390
add action=masquerade chain=srcnat comment="SHC Terminal Services Hairpin" \
dst-address=192.168.1.12 dst-port=3390 out-interface=ether1-shclan \
protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="SMG Terminal Services" dst-address=\
ip.add.re.ss dst-port=3389 protocol=tcp to-addresses=192.168.100.15 \
to-ports=3389
add action=masquerade chain=srcnat comment="SMG Terminal Services Hairpin" \
dst-address=192.168.100.15 dst-port=3389 out-interface=ether2-smglan \
protocol=tcp src-address=192.168.100.0/24
# The HeartCentrix forward rewrites public port 3391 to port 3389 on
# 192.168.1.13.
# NOTE(review): srcnat is evaluated after dst-nat, when the destination port is
# already 3389, so the hairpin rule's dst-port=3391 presumably never matches;
# dst-port=3389 looks like the intended value. to-addresses=0.0.0.0 has no
# obvious purpose on a masquerade rule; confirm and remove.
add action=dst-nat chain=dstnat comment="HeartCentrix RDP" dst-address=\
ip.add.re.ss dst-port=3391 protocol=tcp to-addresses=192.168.1.13 \
to-ports=3389
add action=masquerade chain=srcnat comment="Heart Centrix Hairpin" \
dst-address=192.168.1.13 dst-port=3391 out-interface=ether1-shclan \
protocol=tcp src-address=192.168.1.0/24 to-addresses=0.0.0.0
# The same three forwards again, labelled "- DSL" (presumably for the DSL-side
# public address; the addresses are redacted). The source-exposure note above
# applies to these dst-nat rules as well.
# NOTE(review): each "- DSL" hairpin rule has exactly the matchers of its
# counterpart above, so the earlier rule always matches first and these three
# masquerade rules are never reached.
add action=dst-nat chain=dstnat comment="SHC Terminal Services - DSL" \
dst-address=ip.add.re.ss dst-port=3390 protocol=tcp to-addresses=\
192.168.1.12 to-ports=3390
add action=masquerade chain=srcnat comment=\
"SHC Terminal Services Hairpin - DSL" dst-address=192.168.1.12 dst-port=\
3390 out-interface=ether1-shclan protocol=tcp src-address=192.168.1.0/24
add action=dst-nat chain=dstnat comment="SMG terminal Services - DSL" \
dst-address=ip.add.re.ss dst-port=3389 protocol=tcp to-addresses=\
192.168.100.15 to-ports=3389
add action=masquerade chain=srcnat comment=\
"SMG Terminal Services Hairpin - DSL" dst-address=192.168.100.15 \
dst-port=3389 out-interface=ether2-smglan protocol=tcp src-address=\
192.168.100.0/24
add action=dst-nat chain=dstnat comment="HeartCentrix RDP - DSL" dst-address=\
ip.add.re.ss dst-port=3391 protocol=tcp to-addresses=192.168.1.13 \
to-ports=3389
add action=masquerade chain=srcnat comment="Heart Centrix Hairpin - DSL" \
dst-address=192.168.1.13 dst-port=3391 out-interface=ether1-shclan \
protocol=tcp src-address=192.168.1.0/24 to-addresses=0.0.0.0
# Routes. No dst-address is shown, so these are presumably default routes (a
# compact export omits default values). There is one route per routing mark set
# in /ip firewall mangle, plus two unmarked routes with distance 1 and 2 for
# traffic that carries no mark. check-gateway=ping takes a route out of use
# while its gateway does not answer. Gateways are redacted.
/ip route
add check-gateway=ping disabled=no distance=1 gateway=ip.add.re.ss \
routing-mark=to_ether5-t1
add check-gateway=ping distance=1 gateway=ip.add.re.ss routing-mark=\
to_ether4-dsl
add check-gateway=ping distance=2 gateway=ip.add.re.ss
add check-gateway=ping disabled=no distance=1 gateway=ip.add.re.ss
# Management services: telnet, www and api are switched off.
# NOTE(review): ssh, ftp and winbox are not listed, so presumably they remain
# enabled with default settings, which matches the firewall rules for tcp 22,
# 21 and 8291. No per-service address= restriction appears in this export;
# confirm which services are needed and from which networks.
/ip service
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
# UPnP options; whether UPnP itself is enabled is not visible in this export.
/ip upnp
set allow-disable-external-interface=no show-dummy-rule=no
/system clock
set time-zone-name=America/New_York
/system identity
set name=shc-rt00
# Status LED 0 follows wlan1.
/system leds
set 0 interface=wlan1
# Log routing: error, warning and critical topics go to the "remote" action
# (see /system logging action for the target host); dhcp and account topics and
# rules 1 and 2 go to "echo".
# NOTE(review): the account topic is only echoed, not sent to the remote log
# host. If login activity should be kept off-box for later review, add a
# remote rule for it.
/system logging
set 1 action=echo
set 2 action=echo
add action=echo topics=dhcp
add action=remote topics=error
add action=remote topics=warning
add action=remote topics=critical
add action=echo topics=account
# Time sync against a single unicast NTP server, the same address that is
# handed to wireless DHCP clients as ntp-server.
/system ntp client
set enabled=yes mode=unicast primary-ntp=129.6.15.28