dlitty
Just joined
Topic Author
Posts: 16
Joined: Fri Feb 20, 2009 11:56 am
Location: Swaziland, Southern Africa

Multiple VPN's work w/DHCP, but no access to internet

Wed Apr 22, 2009 11:43 am

client -> QuickConnect Firewall -> MikroTik router
I've finally gotten multiple client VPN's successfully connected to the MikroTik through the firewall and successfully pulling IP addresses from a DHCP pool, but now these clients can't access the internet.
When I do a "tracert yahoo.com" the client only gets to the MikroTik router.

Caveat, I've set up NAT. So I'm not even sure if NAT is working properly. On a Cisco router I could simply type in "show ip nat tr" in the console and I could see if NAT was working properly. Is there such a command for MikroTik?

Also, looking at some other posts, it "might" be possible that the MTU size is not corrected with this NAT/DHCP setup, so I found that entering the following rules might help:

/ ip firewall mangle
add chain=forward tcp-flags=syn action=jump jump-target=mss comment="\[tcp\], mss" disabled=no
add chain=mss protocol=tcp tcp-flags=syn tcp-mss=!536-1460 action=change-mss new-mss=1440 comment="\[tcp\], mss fixation" disabled=no
add chain=mss protocol=tcp tcp-flags=syn tcp-mss=1453-65535 action=change-mss new-mss=1440 comment="\[tcp\], mss 1440 for mtu 1492" disabled=no
add chain=mss protocol=tcp tcp-flags=syn action=change-mss new-mss=clamp-to-pmtu comment="\[tcp\], mss clamp-to-pmtu" disabled=no
add chain=prerouting action=change-ttl new-ttl=set:65 comment="\[tcp\], mss ttl fix" disabled=no

However, after entering the above info, I couldn't even reach the MikroTik router, so I deleted the above info.

And are there any suggestions for why the clients can't reach the internet while in the DHCP pool? I will send any configuration info requested. Thanks in advance for any help given.
hilton
Long time Member
Posts: 634
Joined: Thu Sep 07, 2006 5:12 pm
Location: Jozi (aka Johannesburg), South Africa

Re: Multiple VPN's work w/DHCP, but no access to internet

Wed Apr 22, 2009 2:54 pm

When I do a "tracert yahoo.com" the client only gets to the MikroTik router.

Caveat, I've set up NAT. So I'm not even sure if NAT is working properly.

And are there any suggestions for why the clients can't reach the internet while in the DHCP pool?
Do you have something similar in your firewall rules?
/ip/firewall/nat chain=srcnat action=masquerade
dlitty
Just joined
Topic Author
Posts: 16
Joined: Fri Feb 20, 2009 11:56 am
Location: Swaziland, Southern Africa

Re: Multiple VPN's work w/DHCP, but no access to internet

Wed Apr 22, 2009 3:45 pm

What I do have is below:

/ip firewall nat> print
 1 X chain=dstnat action=redirect to-ports=3128 in-interface=ProxyMailDns dst-port=80
     protocol=tcp
 2 X chain=dstnat action=redirect to-ports=3128 dst-address=x.x.x.x
     in-interface=Xxxxxxxxxxxx dst-port=80 protocol=tcp
 3 X ;;; Satelite - Backup NAT rule to bypass Satelite - Disable all other rules
     chain=srcnat action=masquerade out-interface=DVB
 4 X chain=srcnat action=masquerade src-address=192.168.53.0/24 out-interface=DVB
 5 X chain=dstnat action=passthrough dst-address=192.168.53.2 src-port=2210
     dst-port=2210 protocol=tcp
 6 X chain=dstnat action=dst-nat to-addresses=10.17.200.10 to-ports=3389
     src-address=x.x.x.x dst-address=10.17.200.10 dst-port=3389 protocol=tcp
 7 X chain=dstnat action=dst-nat to-addresses=192.168.53.2 to-ports=3389
     dst-address=192.168.53.1 dst-port=3389 protocol=tcp
 8 X ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=10.15.1.33
 9   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=10.0.0.0/7
10   ;;; CompNat
     chain=srcnat action=masquerade src-address=192.168.10.0/24
     out-interface=CompVlan
dlitty
Just joined
Topic Author
Posts: 16
Joined: Fri Feb 20, 2009 11:56 am
Location: Swaziland, Southern Africa

Re: Multiple VPN's work w/DHCP, but no access to internet

Wed Apr 22, 2009 5:34 pm

Fixed, my out interface was wrong. I switched it to the correct out interface and all was fine. I NAT'd to the outside and got internet access.
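
Added example, not part of the thread and not MikroTik tooling: the fix above was a masquerade rule with the wrong out-interface, and this Python sketch parses `/ip firewall nat print` output to report, for each srcnat masquerade rule, why traffic from a given client would or would not be NAT'd. The three rules are copied from the print output posted earlier; the client address 192.168.10.50 and the interface name ether1-wan are constructed assumptions, and negated or ranged src-address values are not handled.

```python
import ipaddress
import re

# Three rules copied from the "/ip firewall nat print" output in the thread.
SAMPLE = """\
 4 X chain=srcnat action=masquerade src-address=192.168.53.0/24 out-interface=DVB
 9   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=10.0.0.0/7
10   ;;; CompNat
     chain=srcnat action=masquerade src-address=192.168.10.0/24
     out-interface=CompVlan
"""

def parse_nat_print(text):
    """Parse print output into dicts: id, disabled, comment, plus key=value fields."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(?:([XID]+)\s+)?(.*)", line)
        if m:  # a new rule starts with its number and optional flags
            rules.append({"id": int(m.group(1)), "comment": "",
                          "disabled": "X" in (m.group(2) or "")})
            line = m.group(3)
        if not rules:
            continue  # header text before the first rule
        if line.strip().startswith(";;;"):
            rules[-1]["comment"] = line.strip()[3:].strip()
        else:  # wrapped continuation lines add fields to the same rule
            rules[-1].update(re.findall(r"([\w-]+)=(\S+)", line))
    return rules

def masquerade_verdicts(rules, src, out_if):
    """For traffic from src leaving via out_if, give (rule id, verdict) pairs."""
    ip = ipaddress.ip_address(src)
    verdicts = []
    for r in rules:
        if r.get("chain") != "srcnat" or r.get("action") != "masquerade":
            continue
        if r["disabled"]:
            verdict = "disabled"
        elif "src-address" in r and ip not in ipaddress.ip_network(r["src-address"], strict=False):
            verdict = "src-address mismatch"
        elif "out-interface" in r and r["out-interface"] != out_if:
            verdict = "out-interface mismatch"
        else:
            verdict = "match"
        verdicts.append((r["id"], verdict))
    return verdicts

if __name__ == "__main__":
    # Constructed client address and hypothetical WAN interface name.
    print(masquerade_verdicts(parse_nat_print(SAMPLE), "192.168.10.50", "ether1-wan"))
```

A result with no "match" entry means the client's traffic leaves un-NAT'd, which is consistent with a traceroute that stops at the router.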