Tue Jan 31, 2023 11:24 pm
(1) This is a setting I rarely if ever see; suggest, unless there is a reason, to remove it.
/ip firewall connection tracking
set tcp-established-timeout=30m
(2) HERE IS THE MAIN PROBLEM
FROM:
/ip address
add address=172.16.0.1/24 interface=ether5-Rede_local network=172.16.0.0
TO:
/ip address
add address=172.16.0.1/24 interface=REDE_LOCAL_PONTE network=172.16.0.0
(3) The IP DHCP CLIENT should be DISABLED, your WAN is through the pppoe interface!!!!
/ip dhcp-client
add disabled=no interface=ether1-Redel
(4) Assuming 8291 is your winbox port, REMOVE IMMEDIATELY THIS IS A SECURITY RISK!!!!
add action=accept chain=input dst-port=8291 in-interface-list=OPERADORAS \
protocol=tcp
You should never access the winbox port directly from external www. Change to something like:
add action=accept chain=input dst-port=8291 in-interface=REDE_LOCAL_PONTE \
protocol=tcp
If you want to remotely configure the MikroTik, then use WireGuard to tunnel into the router and then access Winbox.
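
An added example, not part of the original post: a small audit of a RouterOS text export that flags input-chain accept rules opening the Winbox port to a WAN-facing list or to every interface, as in item (4). The WAN_FACING names, the helper names and the sample export are assumptions made for illustration.

```python
import shlex

MGMT_PORTS = {8291}                 # Winbox port named in the post
WAN_FACING = {"OPERADORAS", "WAN"}  # assumption: names of internet-facing lists/interfaces

# Constructed sample built from the two rules quoted in the post.
SAMPLE = r"""
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface-list=OPERADORAS \
    protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=REDE_LOCAL_PONTE \
    protocol=tcp
"""

def join_continuations(text):
    """Merge export lines ending in a backslash (breaks may fall mid-word)."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            logical.append(buf + line)
            buf = ""
    return logical + ([buf] if buf else [])

def ports_in(spec):
    """Expand a dst-port value such as '22,8000-8300' into a set of ints."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if lo.isdigit() and (hi.isdigit() or not hi):
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def exposed_mgmt_rules(export_text):
    """Return enabled input-chain accept rules that open a management port
    to a WAN-facing interface/list, or to every interface."""
    findings, section = [], ""
    for line in join_continuations(export_text):
        if line.startswith("/"):
            section = line
        elif section == "/ip firewall filter" and line.startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            iface = rule.get("in-interface-list") or rule.get("in-interface")
            if (rule.get("chain") == "input" and rule.get("action") == "accept"
                    and rule.get("disabled") != "yes"
                    and ports_in(rule.get("dst-port", "")) & MGMT_PORTS
                    and (iface is None or iface in WAN_FACING)):
                findings.append(line)
    return findings

if __name__ == "__main__":
    for hit in exposed_mgmt_rules(SAMPLE):
        print("EXPOSED:", hit)
```

Rules with no dst-port are not flagged, so a blanket WAN accept rule still needs a manual look.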