前提: 公司和家里,都有公网,两地的UDP:6208的公网映射在软路由中都开了,公司用的是iKuai主路由,家里和公司都使用mac版本surge且都开了ponte并做好了规则
情况1(正常): 家里用iKuai当主路由,使用ponte从家里到公司能通,反向从公司到家里也能通,全都正常使用
情况2(异常): 家里用RouterOS当主路由,使用ponte从家里到公司不通,反向从公司到家里能通,一半正常一半不正常
以下是我完整的ROS配置(部分敏感信息已脱敏),有没有大佬帮我解决疑难杂症!
# Rename the two physical ports by role. ether1 becomes LAN (it carries the
# 10.0.0.1/24 address and the DHCP server below); ether2 becomes WAN (the
# PPPoE client below runs on top of it).
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=LAN
set [ find default-name=ether2 ] disable-running-check=no name=WAN
# Per-lease DHCP overrides. Option 3 is the default router and option 6 the DNS
# server. Only leases that list these option names receive them; every other
# client gets the gateway/DNS from "/ip dhcp-server network".
# 10.0.0.2 is the host with the static lease commented "Surge-SideRouter".
# NOTE(review): 198.18.0.2 is presumably the Surge virtual DNS address - confirm.
/ip dhcp-server option
add code=3 name=Surge-gateway value="'10.0.0.2'"
add code=6 name=Surge-dns value="'198.18.0.2'"
# Dynamic address range; the static leases (.2, .10, .20) sit outside it.
/ip pool
add name=dhcp_pool0 ranges=10.0.0.101-10.0.0.199
# DHCP server for the LAN port, 2-hour leases.
/ip dhcp-server
add address-pool=dhcp_pool0 interface=LAN lease-time=2h name=dhcp1
# PPPoE uplink on the WAN port. It installs the default route. The firewall
# rules match on this interface name ("pppoe"), not on the underlying WAN port.
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN name=pppoe user=0123456789
# Router's own LAN address; it is the gateway/DNS handed out by default.
/ip address
add address=10.0.0.1/24 interface=LAN network=10.0.0.0
# NOTE(review): a DHCP *client* on the LAN port is unusual for a router that is
# itself the DHCP server on that segment. If it is left at its defaults, any
# other DHCP server answering on the LAN could hand this router an address, a
# default route and DNS servers. Confirm it is intentional or remove it.
/ip dhcp-client
add interface=LAN
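/ip dhcp-server lease
# Static lease for the Surge host (target of the UDP 6208 port forward). It has
# no dhcp-option, so it uses the router (10.0.0.1) as gateway and DNS.
# mac-address restored to the value implied by client-id on the same entry:
# the forum's emoticon filter had replaced every ":D" in it with an emoji,
# which left a value that is not a valid MAC address.
add address=10.0.0.2 client-id=1:da:dc:df:da:dc:df comment=Surge-SideRouter \
mac-address=DA:DC:DF:DA:DC:DF server=dhcp1
# Clients steered through Surge: these two leases carry the Surge-gateway and
# Surge-dns options, so they use 10.0.0.2 as router and 198.18.0.2 as DNS.
add address=10.0.0.10 client-id=1:8c:1f:64:8c:1f:64 comment=\
"Win10" dhcp-option=\
Surge-gateway,Surge-dns mac-address=8C:1F:64:8C:1F:64 server=dhcp1
add address=10.0.0.20 client-id=1:42:59:be:42:59:be comment=\
"iPhone" dhcp-option=Surge-gateway,Surge-dns mac-address=\
42:59:BE:42:59:BE server=dhcp1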
# Default gateway and DNS for every lease that does not override them with the
# Surge-gateway / Surge-dns options.
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts, which the LAN needs because clients are given 10.0.0.1 as DNS.
# The only thing keeping this resolver off the Internet is the input-chain
# "drop in-interface=pppoe" rule in the filter table; if that rule is ever
# removed or reordered, the router becomes an open resolver.
/ip dns
set allow-remote-requests=yes servers=119.29.29.29,223.5.5.5
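/ip firewall filter
# FastTrack only connections that connection tracking has already accepted.
# The original rule had no connection-state match and sat first in the chain,
# so packets in any state (new, invalid, unsolicited from the uplink) were
# offered to FastTrack before the drop rules below had a say. FastTracked
# packets bypass the filter table, so the match is kept as narrow as the accept
# rule that follows it.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
# Replies to traffic the router itself or the LAN started.
add action=accept chain=input connection-state=established,related
add action=accept chain=forward connection-state=established,related
# Nothing new may reach the router itself from the PPPoE uplink.
# NOTE(review): this matches only the "pppoe" interface; the underlying WAN
# port is not covered, and input from the LAN is accepted by fall-through.
add action=drop chain=input in-interface=pppoe
# From the uplink, forward only connections that matched a dst-nat rule
# (the UDP 6208 forward); every other unsolicited inbound flow is dropped.
# NOTE(review): there is no rule dropping connection-state=invalid - consider
# adding one ahead of the accepts.
add action=drop chain=forward connection-nat-state=!dstnat in-interface=pppoe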
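/ip firewall nat
# Source-NAT only what leaves through the PPPoE uplink. The original rule had
# no out-interface, so it also rewrote the source of inbound port-forwarded
# traffic on its way to the LAN: the Surge host saw every remote peer as
# 10.0.0.1, which hides the real source address from its logs and any
# address-based policy.
add action=masquerade chain=srcnat out-interface=pppoe
# Port forward for Surge Ponte, limited to packets that ARRIVE on the uplink.
# Without in-interface the rule matched any UDP packet with destination port
# 6208 passing through the router, including the LAN's own outbound packets to
# the remote site's port 6208. Those were rewritten to 10.0.0.2 and never left
# the network. That is the likely cause of "home -> office fails while
# office -> home works".
# Side effect: LAN clients can no longer reach the forward via the router's own
# public address (no hairpin); add a dedicated rule if that is needed.
add action=dst-nat chain=dstnat comment=Surge-Ponte dst-port=6208 \
in-interface=pppoe protocol=udp to-addresses=10.0.0.2 to-ports=6208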
# Management-plane hardening: every listed service is switched off.
# NOTE(review): winbox is not listed here, so it is presumably still enabled
# and is then the only remaining management entry point. The input chain blocks
# it from the PPPoE uplink only, and no service carries an address= restriction,
# so any LAN host can reach it. Consider limiting it to an admin subnet/host.
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Turn on the NTP client; the server list belongs to the section that follows.
/system ntp client
set enabled=yes
/system ntp client servers