I've got a setup with a small set of firewall rules to permit inbound connections on a set of TCP ports, which are bound/listened to by the RouterOS HTTPS and SSH services.
I've changed the input ports from their defaults (to provide at least smoke-screen level security), and added INPUT chain firewall rules to permit connections from the WAN-side interface.
I've also built a single DST-NAT pinhole to allow outside hosts to connect via SSH to a Raspberry Pi on the inside (LAN) network.
All of these forwarding rules worked when I was done with the setup: I could connect from an outside host to the MikroTik via HTTP (WebFig) and SSH. I could also connect from an outside host to the Raspberry Pi via the pinhole/NAT rule. This worked for "at least a little while" - I won't bother lying and making up how long it was when I went back, it might have been an hour or it might have been a few hours - but when I went back none of those connections were working. Thinking I'd screwed something up, I just rebooted the system, and after it booted back up the pinholes and external access worked again. I left later that afternoon, and by the time I got back home those forwarding rules had quit working again.
This smells to me like it's timing related, possibly where an initial connection is allowed but once that times out, future connections are blocked somehow? I'm sort of at a loss on what to look for here. I've got lots of experience with the networking side in general, but I'm new to the RouterOS environment so I'm not totally sure what I should be looking for. The stuff that really matters at the moment is the "inside to outside" connectivity and it all works fine, but when I get back on site I'd like to have some idea of what specific things to try and/or look at.
Help?